__ __ __ __ _____ _ _ _____ _ _ _ | \/ | \ \ / / | __ \ (_) | | / ____| | | | | | \ / |_ __\ V / | |__) | __ ___ ____ _| |_ ___ | (___ | |__ ___| | | | |\/| | '__|> < | ___/ '__| \ \ / / _` | __/ _ \ \___ \| '_ \ / _ \ | | | | | | |_ / . \ | | | | | |\ V / (_| | || __/ ____) | | | | __/ | | |_| |_|_(_)_/ \_\ |_| |_| |_| \_/ \__,_|\__\___| |_____/|_| |_|\___V 2.1 if you need WebShell for Seo everyday contact me on Telegram Telegram Address : @jackleetFor_More_Tools:
# failJSON: { "time": "2013-12-23T13:12:31", "match": true , "host": "173.255.225.101" }
[Mon Dec 23 13:12:31 2013] [error] [client 173.255.225.101] ModSecurity: [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "1"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"][tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [hostname "www.mysite.net"] [uri "/"] [unique_id "Urf@f12qgHIAACrFOlgAAABA"]
# failJSON: { "time": "2013-12-28T09:18:05", "match": true , "host": "32.65.254.69", "desc": "additional entry (and exact one space)" }
[Sat Dec 28 09:18:05 2013] [error] [client 32.65.254.69] ModSecurity: [file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "635"] [id "340069"] [rev "4"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Web vulnerability scanner"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Pattern match "(?:nessus(?:_is_probing_you_|test)|^/w00tw00t\\\\.at\\\\.)" at REQUEST_URI. [hostname "192.81.249.191"] [uri "/w00tw00t.at.blackhats.romanian.anti-sec:)"] [unique_id "4Q6RdsBR@b4AAA65LRUAAAAA"]
# failJSON: { "time": "2018-09-28T09:18:06", "match": true , "host": "192.0.2.1", "desc": "two client entries in message (gh-2247)" }
[Sat Sep 28 09:18:06 2018] [error] [client 192.0.2.1:55555] [client 192.0.2.1] ModSecurity: [file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "635"] [id "340069"] [rev "4"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Web vulnerability scanner"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Pattern match "(?:nessus(?:_is_probing_you_|test)|^/w00tw00t\\\\.at\\\\.)" at REQUEST_URI. [hostname "192.81.249.191"] [uri "/w00tw00t.at.blackhats.romanian.anti-sec:)"] [unique_id "4Q6RdsBR@b4AAA65LRUAAAAA"]
# failJSON: { "time": "2020-05-09T00:35:52", "match": true , "host": "192.0.2.2", "desc": "new format - apache 2.4 and php-fpm (gh-2717)" }
[Sat May 09 00:35:52.389262 2020] [:error] [pid 22406:tid 139985298601728] [client 192.0.2.2:47762] [client 192.0.2.2] ModSecurity: Access denied with code 401 (phase 2). Operator EQ matched 1 at IP:blocked. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_wp_login.conf"] [line "14"] [id "500000"] [msg "Ip address blocked for 15 minutes, more than 5 login attempts in 3 minutes."] [hostname "example.com"] [uri "/wp-login.php"] [unique_id "XrYlGL5IY3I@EoLOgAAAA8"], referer: https://example.com/wp-login.php
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| bsd | Folder | 0755 |
|
|
| 3proxy | File | 575 B | 0644 |
|
| apache-auth | File | 12.5 KB | 0644 |
|
| apache-badbots | File | 688 B | 0644 |
|
| apache-botsearch | File | 3.66 KB | 0644 |
|
| apache-fakegooglebot | File | 480 B | 0644 |
|
| apache-modsecurity | File | 2.59 KB | 0644 |
|
| apache-nohome | File | 406 B | 0644 |
|
| apache-noscript | File | 2.64 KB | 0644 |
|
| apache-overflows | File | 2.7 KB | 0644 |
|
| apache-pass | File | 273 B | 0644 |
|
| apache-shellshock | File | 499 B | 0644 |
|
| assp | File | 5.09 KB | 0644 |
|
| asterisk | File | 13.64 KB | 0644 |
|
| bitwarden | File | 741 B | 0644 |
|
| centreon | File | 252 B | 0644 |
|
| counter-strike | File | 399 B | 0644 |
|
| courier-auth | File | 1.04 KB | 0644 |
|
| courier-smtp | File | 1.69 KB | 0644 |
|
| cyrus-imap | File | 2.4 KB | 0644 |
|
| directadmin | File | 835 B | 0644 |
|
| domino-smtp | File | 1.26 KB | 0644 |
|
| dovecot | File | 16.25 KB | 0644 |
|
| dropbear | File | 1.3 KB | 0644 |
|
| drupal-auth | File | 2.31 KB | 0644 |
|
| ejabberd-auth | File | 1.46 KB | 0644 |
|
| exim | File | 10.2 KB | 0644 |
|
| exim-spam | File | 3.38 KB | 0644 |
|
| freeswitch | File | 2.33 KB | 0644 |
|
| froxlor-auth | File | 354 B | 0644 |
|
| gitlab | File | 392 B | 0644 |
|
| grafana | File | 564 B | 0644 |
|
| groupoffice | File | 309 B | 0644 |
|
| gssftpd | File | 176 B | 0644 |
|
| guacamole | File | 1016 B | 0644 |
|
| haproxy-http-auth | File | 943 B | 0644 |
|
| horde | File | 567 B | 0644 |
|
| kerio | File | 3.23 KB | 0644 |
|
| lighttpd-auth | File | 1.36 KB | 0644 |
|
| mongodb-auth | File | 2 KB | 0644 |
|
| monit | File | 2.35 KB | 0644 |
|
| monitorix | File | 863 B | 0644 |
|
| mssql-auth | File | 1.26 KB | 0644 |
|
| murmur | File | 702 B | 0644 |
|
| mysqld-auth | File | 3.61 KB | 0644 |
|
| nagios | File | 226 B | 0644 |
|
| named-refused | File | 3.22 KB | 0644 |
|
| nginx-bad-request | File | 1.37 KB | 0644 |
|
| nginx-botsearch | File | 2.64 KB | 0644 |
|
| nginx-http-auth | File | 3.6 KB | 0644 |
|
| nginx-limit-req | File | 1.14 KB | 0644 |
|
| nsd | File | 648 B | 0644 |
|
| openhab | File | 692 B | 0644 |
|
| openwebmail | File | 615 B | 0644 |
|
| oracleims | File | 1.8 KB | 0644 |
|
| pam-generic | File | 2.37 KB | 0644 |
|
| perdition | File | 589 B | 0644 |
|
| php-url-fopen | File | 314 B | 0644 |
|
| phpmyadmin-syslog | File | 177 B | 0644 |
|
| portsentry | File | 341 B | 0644 |
|
| postfix | File | 15.87 KB | 0644 |
|
| proftpd | File | 2.88 KB | 0644 |
|
| pure-ftpd | File | 195 B | 0644 |
|
| qmail | File | 830 B | 0644 |
|
| recidive | File | 1.38 KB | 0644 |
|
| roundcube-auth | File | 5.42 KB | 0644 |
|
| scanlogd | File | 854 B | 0644 |
|
| screensharingd | File | 1.09 KB | 0644 |
|
| selinux-ssh | File | 3.36 KB | 0644 |
|
| sendmail-auth | File | 3.84 KB | 0644 |
|
| sendmail-reject | File | 10.83 KB | 0644 |
|
| sieve | File | 535 B | 0644 |
|
| slapd | File | 1.12 KB | 0644 |
|
| softethervpn | File | 648 B | 0644 |
|
| sogo-auth | File | 3.47 KB | 0644 |
|
| solid-pop3d | File | 1.59 KB | 0644 |
|
| squid | File | 895 B | 0644 |
|
| squirrelmail | File | 197 B | 0644 |
|
| sshd | File | 33.6 KB | 0644 |
|
| sshd-journal | File | 23.82 KB | 0644 |
|
| stunnel | File | 267 B | 0644 |
|
| suhosin | File | 1.26 KB | 0644 |
|
| tine20 | File | 520 B | 0644 |
|
| traefik-auth | File | 1.81 KB | 0644 |
|
| uwimap-auth | File | 1.51 KB | 0644 |
|
| vsftpd | File | 1.1 KB | 0644 |
|
| webmin-auth | File | 640 B | 0644 |
|
| wuftpd | File | 631 B | 0644 |
|
| xinetd-fail | File | 331 B | 0644 |
|
| znc-adminlog | File | 708 B | 0644 |
|
| zoneminder | File | 715 B | 0644 |
|
| zzz-generic-example | File | 4.15 KB | 0644 |
|
| zzz-sshd-obsolete-multiline | File | 36 B | 0644 |
|