| 206.253.224.75 |
attackbots |
srvr2: (mod_security) mod_security (id:920350) triggered by 206.253.224.75 (DE/-/-): 1 in the last 600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/28 11:08:29 [error] 377966#0: *172733 [client 206.253.224.75] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/robots.txt"] [unique_id "159860570966.376346"] [ref "o0,14v160,14"], client: 206.253.224.75, [redacted] request: "GET /robots.txt HTTP/1.1" [redacted] |
2020-08-28 17:40:04 |
| 144.217.79.194 |
attack |
[2020-08-28 05:34:55] NOTICE[1185] chan_sip.c: Registration from '' failed for '144.217.79.194:54568' - Wrong password
[2020-08-28 05:34:55] SECURITY[1203] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-08-28T05:34:55.395-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="801",SessionID="0x7f10c4031b98",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/144.217.79.194/54568",Challenge="52e309d8",ReceivedChallenge="52e309d8",ReceivedHash="333e035b732e62268677873b0a8cf789"
[2020-08-28 05:34:55] NOTICE[1185] chan_sip.c: Registration from '' failed for '144.217.79.194:54569' - Wrong password
[2020-08-28 05:34:55] SECURITY[1203] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-08-28T05:34:55.396-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="801",SessionID="0x7f10c44fdb78",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/144.217.79.194
... |
2020-08-28 17:53:42 |